LP Magazine

JUL-AUG 2014

LP magazine publishes articles for loss prevention, asset protection, and retail professionals covering shrinkage, investigations, shoplifting, internal theft, fraud, technology, best practices, and career development.

Issue link: http://digital.lpportal.com/i/352439

Page 40 of 68

DEALING WITH DATA BREACHES

The 2014 Retail Industry Leaders Association (RILA) Asset Protection Conference featured a panel discussion of the evolving cybersecurity threat to retailers. (Left to right) Ryan Knisley, a security expert with Accenture, moderated the panel that included Lou Stephens, special agent in charge, United States Secret Service; Shawn Henry, president of CrowdStrike Services; and Rich Noguera, head of information security, Gap Inc. Following are excerpts from the discussion courtesy of RILA.

KNISLEY: Rich, as an IT security leader for a retail company, how do you work with asset protection professionals to protect your company?

NOGUERA: First and foremost, it's important for me to be an information resource helping my LP peers understand what my team thinks is really happening in the digital space. As we move closer to closing the gap between brick-and-mortar physical space and digital space, it's going to be absolutely critical that IT and LP partner more closely to understand what the threats are, and how we react to those threats. Beyond that, it's very important to partner with law enforcement. We need to get the right actionable information to our law enforcement peers.

KNISLEY: Shawn, what is "actionable intelligence" that Rich mentioned, and how does it help retailers be more secure?

HENRY: Actionable intelligence is really just information that you can take some overt steps to respond to. Whether we're talking about physical security or information security, it's not enough to just react to what happened. If you're reactive, then something bad has already occurred. We want to be proactive, we want to make sure that we understand in advance what's coming around the corner, and we want to know how to prepare for it. One part of actionable intelligence is understanding who the adversaries are. Who is likely to target you? What is it they're looking for? What are the techniques or the tactics that they're going to be employing against you? If you understand these things in advance, if you understand who your adversaries are and how they think, you are in a much better position to make your organization and your network resilient and robust to protect against them.

KNISLEY: Lou, we continue hearing about companies being breached and critical data being lost, and oftentimes the Secret Service is tasked with working with these companies to investigate a breach. Can you shed some light on law enforcement's role in working with companies, and what a company's expectations of law enforcement should be after a breach?

STEPHENS: First and foremost, when there's a data breach, the company has been victimized, so they should expect to be treated by law enforcement with the support and discretion that law enforcement would provide any victim. That discretion is very important. In our view, a breached network is like a crime scene. There might not be a broken window or a broken door, but there are digital equivalents on the network where the hackers broke in. We want to find those clues, understand them, and try to trace them backwards to where they came from. Furthermore, we want to know what they did while they were in the network. Are they still there? How long were they there? What type of malware and hack tools did they deploy? This information is really key evidence that, along with a company's server logs, helps us to understand exactly what happened, and how they did it. These cases are very technical. They are very complex. So the outcome is much better when law enforcement works hand-in-hand with companies very collaboratively and transparently. One of the things that you can expect is for law enforcement to want to work with you face-to-face to gather evidence. We'll want to send over our investigators to work with
