Accepting the Challenge

Last week was our inaugural RH-ISAC Summit in Chicago. With just over 200 attendees, we had the most significant retail industry professionals covering the latest and greatest in cybersecurity issues and trends.


Kicking off the two days of deep discussions was a session with the RH-ISAC Board of Directors sharing their vision of the future. Building on the critically important topic of collaboration, one of our Board Members, David McLeod (CISO, JC Penney), talked about important security measures that need to be adopted more widely within the industry. He described this as “making the minority the majority,” a theme that carried throughout the Summit, and has become a mantra for the RH-ISAC community efforts.


Through collaboration and discussions in the many interactive sessions that occurred over the two-day Summit, sharing was the name of the game. The National Cybersecurity Center of Excellence (NCCoE) proposed two reference architecture projects: Multifactor Authentication for e-Commerce and Securing Non-Credit Card, Sensitive Consumer Data, both of which are intended to put promotable practices into the form of reproducible technology. Attendees listed other practices they had successfully implemented, such as geo-blocking, card data tokenization, E2E and P2P encryption, and phishing awareness training. Securing eCommerce is a significant focus for our members, and a primary research topic for the RH-ISAC that will have many ongoing workshop efforts.


RH-ISAC members presented on everything from mobile payment security to practical metrics and IoT, and our Associate Members brought their expertise to the table in areas such as using threat intel for continuous monitoring, restoring trust after a breach, and first principles for network defenders. We rounded out the lineup with global perspectives, such as the geopolitical implications for retail cybersecurity and using disruptive technologies to assist in disasters. One of the things I’m really proud of is the wide variety of topics we featured; this conference showed that the RH-ISAC membership has a multitude of risks that are not just at the traditional Point of Sale terminal.


Everyone has their favorite high points from the summit – I have to admit that recognizing the RH-ISAC top contributors at our member dinner was at the top of the list, but the Q&A session with Brian Krebs was a close second. Overall, the best part for me was seeing organizations of all sizes sitting down together and learning from one another. While the Amazons, Googles, Facebooks and AT&Ts of the world may have resources the rest of us can only dream of, we can share a vision of how to make security work. And we’ll check in on our progress next year.
