LP Magazine

JUL-AUG 2014

LP magazine publishes articles for loss prevention, asset protection, and retail professionals covering shrinkage, investigations, shoplifting, internal theft, fraud, technology, best practices, and career development.

Issue link: http://digital.lpportal.com/i/352439

Contents of this Issue

Navigation

Page 41 of 68

your IT professionals or any third-party vendors that you might have hired to help you deal with this. KNISLEY: Given your experience working with retail, what sorts of changes could retailers make to be better prepared? STEPHENS: It's important for people in corporate security to get to know their law enforcement counterparts, and vice-versa, before there is an event. We need each other's phone numbers before we need them. You don't want to be looking for them in the middle of a crisis. Quite frankly, the last thing that law enforcement wants to do is meet you for the first time while we're handing you a grand jury subpoena because we think you've been breached. In my experience trust comes through relationships. But it's a two-way street. It's really incumbent upon law enforcement to be proactive in getting to know you as well as you getting to know law enforcement. HENRY: I couldn't have said it better. And I think one of the key pieces is understanding who the actors are. There are a variety of actors looking to access your data for a lot of different reasons. In the retail space they are primarily thieves looking for personally identifiable information that they can exploit and turn into cash. But there are other groups as well. There are nations that are targeting organizations for their research-and-development assets, intellectual property, and corporate strategies. They are looking at companies that are moving overseas and partnering with foreign nations, looking for that very critical information. As it relates to organized crime groups that are targeting the retail industry, it's very important to identify them, and then take law enforcement actions to mitigate the threat. These hackers will continue indefinitely for years until they're caught because they're making a lot of money. The risk of getting caught is relatively small, comparatively speaking. And until you are actually able to take them off the playing field through the efforts of law enforcement, these things continue. It really is kind of a big dance and requires great collaboration between law enforcement, the retailer, and the third-party consultancy that is coming in to help secure the network. Law enforcement's role is about collecting evidence, and then looking for the adversary; looking for the bad guy. Those folks all have to be able to work together in a very cohesive fashion in order to be successful and to have a positive outcome. STEPHENS: A lot of these actors are a world away, safe from the prying eyes of law enforcement. And many have virtual immunity because the countries they live in will not only refuse to work with us as law enforcement, but may actually aid them. So, one goal we have is to identify them and put them in jail. But another goal is to protect the larger industry and the larger infrastructure. We really want close collaboration with the company and with third-party vendors so we can understand what the indicators are and how exactly this stuff is deployed. That way, the industry as a whole can get an idea and an understanding about what the immediate and current threats are that are out there. Here is how they're working. These are the techniques they use in their attacks. And now that we know, we're trying to build up defenses as well. HENRY: I know in my experience in retail that asset protection historically has done a much better job with information sharing than our cybersecurity leaders have. Whether formal or informal, asset protection has formed groups for information sharing. Many of the LP leaders in this room know each other personally and are friends. They do a really good job of calling up their colleagues and sharing information about bad actors and their stories. Maybe it's Lowe's letting Home Depot know that an incident has just occurred and to be on the lookout for such-and-such individuals. I think we can learn some really good lessons from what they're doing in the store environment and apply that to what we're trying to do in the digital space. Because as soon as an adversary succeeds with some given attack on one organization's network, you can rest assured they'll be targeting others. STEPHENS : I think that you're absolutely right. If everybody is able to better defend, everybody becomes stronger. I think there are actually lots of similarities between the physical world and the cyber world, but of course there are also differences. And one of the differences is the speed at which things occur. In network security, the adversaries are changing their tactics and their techniques literally on a daily basis. And to be able to stay a step ahead of that is very, very difficult. The way we normally think to share information, by phones calls, list serves, emails, personal contact— these things don't always scale in this environment because of how broad the threats are and how broad the adversary pool is. They're working globally from anywhere in a hundred different countries. So, there are a lot of efforts toward making people much more "First and foremost, it's important for me to be an information resource helping my LP peers understand what my team thinks is really happening in the digital space. As we move closer to closing the gap between brick-and-mortar physical space and digital space, it's going to be absolutely critical that IT and LP partner more closely to understand what the threats are, and how we react to those threats." – Rich Noguera 41 LP MAGAZINE | JULY - AUGUST 2014 DEALING WITH DATA BREACHES

Articles in this issue

Archives of this issue

view archives of LP Magazine - JUL-AUG 2014