Data breeches at large chain stores have spurred technology leaders to form the National Retail Federation (NRF) IT Security Council.
At the National Retail Federation’s (NRF) BIG Show earlier this year, industry leaders met and discussed how they could protect customers from cyber threats. Tom Litchford of NRF writes, “NRF and the CIO Council quickly organized a community of retail IT experts. Formed under the leadership of Books-A-Million CIO Cy Fenton, the new NRF IT Security Council is an invitation-only committee made up of retailing’s leading technology security experts.”
The council provides a forum for networking, collaboration and the exchange of information. It will develop industry best practices and an effective security and risk management framework. It will also serve as a voice on Capitol Hill in order to educate law makers on what is needed to combat data theft. In addition to supporting pending legislation that would make it easier for the commercial sector to quickly share information about the latest threats and ensure cybercrimes are thoroughly investigated and prosecuted by law enforcement, the NRF is seeking a federal breach notification law that would replace conflicting laws currently on the books in 46 states and the District of Columbia. This federal measure would allow retailers to comply with a single and let consumers know their rights regardless of the state in which they live.
The council has focused heavily on education and research, offering information on secure payments strategies, data encryption and tokenization, and point of sale malware, and it plans to publish a detailed analysis of retail IT security benchmarks.
Most important to the council, though, is creating an environment that fosters the sharing of real-time cyber threats and information. According to Litchford, “The council has established partnerships with the Financial Service Industry Information Sharing and Analysis Center and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center to set up a retail industry “listserv” on cyber intelligence,” adding, “the listserv offers actionable information on cyber incidents, threats, vulnerabilities and best practices, and is available to any retailer. NRF is also collaborating with other trade associations to implement an information-sharing center to provide deeper analysis into emerging cyber threats.”