Last week, some of the RH-ISAC staff attended RSA in San Francisco, California. We participated in several great talks, sessions and of course, ample networking time with our cybersecurity peers both in and out of the Retail industry. Here’s a rundown of our 2018 RSA experience:
Starting off the week, we attended SF CyberTalks with government and industry professionals. While at this conference, we heard from Scott Smith, Assistant Director, Cyber Division, FBI, about the cyber threat landscape. There were also interesting discussions about GDPR and the need to pay attention to two-factor authentication.
We also participated in the eFraud Global Forum as a Program Committee member, engaging with fraud prevention leaders across the US and world for a full day of closed-door discussion dedicated to sharing information about reducing online fraud. Alex Brown, program manager with the RH-ISAC, facilitated a lively peer-to-peer discussion on information sharing. Here are some key takeaways from this session:
- Current State: Organizations get pushback from legal and compliance on information sharing. By default, people want to know everything there is to know. Rather than go all in, organizations need to establish a step model of what can be shared effectively and prove their ability to do so.
- Need for Fusion: Many of the core issues are connected between fraud and intelligence teams, yet oftentimes these departments don’t formalize sharing efforts. Teamwork is key as information security consumes, sorts and mines the same data that fraud teams can take and make actionable.
- It Comes Down to Trust: Information sharing is a two-way street. In order to gain intelligence, you must also share back. This creates a level of trust, association and accuracy of intelligence. The most valuable sharing isn’t necessarily associated with industry or government – it’s simply about the people and the trusted relationships you can develop.
- Navigating Corporate Culture: It begins with demonstrating the value of sharing in order to see real change within your organization. Security and Fraud leaders should use advantages seen in a broader scope to justify sharing internally.
The RH-ISAC also participated in a panel discussion with Tanium on Building Resilient Networks in Retail. RH-ISAC Member Jeff Johnson from AutoNation spoke on his organization’s use of Tanium to accelerate integrations, reduce risk through patch modernization, incorporate network isolation and better navigate incident response and orchestration.
To round out the week, we attended a Women in Security lunch hosted by Synack and Microsoft Ventures. We joined other female security leaders and Silicon Valley executives in an engaging and informative discussion, specifically about how to move more women to the forefront and help them succeed in their cybersecurity careers.
We learned a lot, shook a lot of hands, and hopefully moved the needle forward on the importance of Information Sharing, the RH-ISAC and the Retail ISAC. See you in 2019, RSA!