Anyone who shops will admit that a fun day at the mall or making a purchase online could turn disastrous if a credit or debit card account is hacked, and now there is a new team helping to thwart attackers and cybersecurity threats.
Working to prevent breaches by strengthening the business of cybersecurity for retailers is Trinity University alumnus Greg Genung ’05, director of development at Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). Headquartered in Washington, D.C., the nonprofit startup was established as the community resource for retail companies to share data safely with one another to minimize corporate financial risk.
The goal of the RH-ISAC is to keep retailers and consumer data safe by creating a globally driven community for threat intelligence sharing and cyber threat research. Adding caché to the program is an executive order issued by President Obama in February to promote the sharing of cybersecurity information.
At the RH-ISAC, Genung supports leading Fortune 500 retailers, all of which could be targeted for a security breach, and some already have. “If your company is being attacked, you won’t know if you are being targeted unless you are part of a community (such as the RH-ISAC) where you can ask the membership collective if they are seeing similar attack indicators, patterns, or behaviors. The RH-ISAC is changing the game to help out the good guys,” Genung says.
With explosive growth in 2015, Genung and his team spend their days working with retailers who are focused on expanding their cybersecurity programs using community-driven threat intelligence. Leading retailers like Target, Walgreens, Lowe’s, Gap, Levi Strauss, JC Penney, MGM, AutoNation, and TJX companies make up the RH-ISAC Leadership, which has seen significant growth in supermarkets and restaurants joining the community.
Genung draws upon his business degree from Trinity and experience in cybersecurity startups to develop strategy, financial modeling, marketing, and he also leads business development expansion of the RH-ISAC member companies. As a student, he worked summers and holiday breaks refurbishing computers before transitioning to the business of cybersecurity startups. Along the way he worked with former Trinity Trustee G.P. Singh at his company, Karta Technologies Inc., and with Trinity alumnus John Dickson, principal at the Denim Group, whom he characterizes as his “first mentor in cybersecurity.” Genung says once he discovered his love for cybersecurity, he never left the field.
In Texas, cybersecurity has become such a focus that the U.S. Department of Homeland Security in September awarded a five-year, $11 million grant to the University of Texas at San Antonio (UTSA) to develop cybersecurity standards. The RH-ISAC team is one of three to help accomplish that mission and brings both an information sharing and analysis center and a member-driven community to help support the research and development of these sharing standards. UTSA has worked for more than a decade in cybersecurity education and getting this new grant in partnership with the RH-ISAC “puts the RH-ISAC on the map as an organization that sets cybersecurity standards, and is a model other industries will want to emulate,” Genung says. Centering the effort to develop standards in Texas makes sense strategically, he adds, since the state has a sound economy and a strong military presence.
In 2015, the RH-ISAC model has already paid dividends for its over 100 participating retail companies. Supporting the industry in advance of Black Friday, the RH-ISAC worked with iSight Partners to release intelligence on ModPOS, a highly sophisticated criminal malware framework that has been used to target point-of-sale (POS) systems at U.S.-based retailers.
“We are all about continuing to work to advance the membership of the RH-ISAC forward. The collective intelligence model benefits both retailers and consumers alike.” Genung says. “The better these intelligence sharing standards work, the more quickly and effectively businesses can defend, which in the end better protects consumers and consumer data. When you know where others are seeing specific threats, you can be quicker to respond using indicators from trusted member-driven intelligence sources. We want to advance information sharing so that it is more useful for everyone and to help protect those of us using credit cards and doing business online everyday.”
Susie P. Gonzalez, senior manager of public relations, can be reached at [email protected] or @susiegonz.
Read the full article here.
