Beyond the Cybersecurity Breach: To the Right of Boom

A series of cybersecurity breaches in the 2013 to 2014 timeframe was the shot heard throughout the industry for many retailers. For some retailers the shot has resulted in a direct hit, while for others it has served as a warning fired across the bow. In all cases, the impact of these events has resulted in significant changes in strategies for retailers as they fortify their defenses and protect the payment channel from cyber criminals.


Cybersecurity efforts have largely been focused on the timeline to the left of the breach event. Strategies have included shoring up the payment transaction with end-to-end encryption, bolstering extensive layers of protection and defensive measures, and developing improved detection and monitoring capabilities to thwart cybersecurity breaches of payment card and customer information. Among the numerous strategic efforts was the formation of the RH-ISAC to enable threat intelligence and cybersecurity information sharing throughout the industry to get ahead of the threat.


These cybersecurity efforts have demonstrated that a continued diligent and programmatic effort is needed to protect against the attacks of criminals. However, these efforts in and of themselves are not enough, as the impact of payment card breaches has a ripple effect of loss and costs to many organizations outside of the breached merchant. The ensuing fraud and monetization performed by criminals is costly and broadly impacting, affecting financial firms, merchants, and the consumer cardholders to the tune of millions upon millions of dollars per year. The LexisNexis 2016 True Cost of Fraud report provides a grim representation of fraud statistics with indications of fraud losses increasing across the board.


Activities observed and shared between retailers within the RH-ISAC have provided insights into the complex nature of the criminal efforts in several significant events. These observations have allowed leading cybersecurity experts to see into the expertise and division of labor at the stages of the Lockheed Martin Cyber Kill Chain that include the development of tools and weapons, the delivery of these weapons, and the eventual command and control leading to exploitation and exfiltration of data. The adversaries are not just working together; they are creating an economic marketplace of efficiency for attacking industries and businesses. The criminal capabilities then extend into the monetization and extraction of funds through additional stages not contemplated by the Lockheed Martin Cyber Kill Chain.


In order to disrupt the cybercriminal fraud crime chain, it is apparent that we need to see increased collaborative efforts between cybersecurity and fraud professionals, applying techniques and intelligence from all sides of the equation to combat the criminals. As we wrap up Cybersecurity Awareness Month and approach Fraud Awareness Week November 13-19, 2016, let’s put our brains and efforts together to make a real difference in our continued work to secure retail. (Or some derivative of our Securing Retail theme).


– Brian Engle

RH-ISAC Executive Director 
