Onstage at the National Retail Federation Big Show, Target Chief Information Security Officer (CISO) Rich Agostino kicked things off with a big truth: Target’s 2013 data breach was significant because it introduced the retail industry to a more sophisticated type of cybercrime. It wasn’t just a wakeup call for us, but for retail as a whole.
“When I came to Target in 2014, I had to think not about how to fix the problem from 2013 and move on—but how to build a long-term strategy that’s sustainable,” he says. “We knew threats would continue to evolve and persist, and we needed to keep evolving, too.”
Over the past five years, Target has built up a cybersecurity muscle that spans our entire enterprise, and used it to become a leader in the industry. Our world-class team of hundreds of cybersecurity experts works round the clock, using cutting-edge technology to keep our company and guests’ information secure. They regularly share insights and expertise to help competitors get stronger, too.
Rich invited Best Buy CISO Adam Mishler and Chipotle CISO Dave Estlick to join him on the panel to discuss how collaborating across businesses helps everyone stay ahead of cyber threats. Read on for some of the themes they covered.
Building our team and capabilities
In the years following Target’s data breach, our teams focused on taking care of guests and helping our business recover. As we quickly built new cybersecurity acumen, Target invested to keep the momentum going by beefing up our technology and assembling a powerhouse team of diverse experts to help us stay ahead of cyber threats and activities.
“We hired hundreds of experts with backgrounds in retail, financial services, defense, government and more—and we more than doubled the size of the team,” Rich says. “We also brought all critical cybersecurity functions in-house, and launched new capabilities that allowed us to monitor and defend our company against threats 24/7.”
Sharing our expertise
Building a strong team is a great first step. But as hackers continue to form more complex networks and carry out sophisticated cyber-attacks across the industry, it’s vital for companies to create a strong and united front.
“We consider cybersecurity a team sport,” Rich says. “Companies are stronger, and our guests and customers are safer, when we all work together to fight the crime.” The Target team regularly shares insights and pools resources with other organizations—from retailers (including competitors) to public safety officials.
Rich and Dave are both on the Board of Directors for the Retail & Hospitality Information Sharing Analysis Center, and also know each other as members of the Payment Card Industry Security Standards Council. These are two examples of networks where info security leaders connect with peers to benchmark with one another, monitor trends and share intel.
“It’s so important for information security leaders to get to know their peers,” Rich says. “Having that support system is great for everyday operations, and it can be a real lifesaver in a crisis.” In fact, the CISOs say they often call and text each other when questions or indicators come up.
Inspiring the next generation of leaders
As the technology landscape evolves, demand for skilled professionals is eclipsing the number of students entering the field—and the result is a massive talent shortage. In fact, over the next 10 years, 50% of all cybersecurity positions in the U.S. are expected to be vacant. So as a top employer, Target puts resources in place to keep the talent pipeline growing and set the next generation of cybersecurity experts up for success.
That’s another area where collaborators are key. Rich and Adam take part in the Twin Cities Cybersecurity Collaboration (TC3)—where info security leaders of companies based in Minneapolis and St. Paul meet regularly to discuss ways to narrow the gap. One important thing they’re working on is spreading the word about the broad range of career paths available.
“It’s not always clear to newcomers what a cybersecurity job actually looks like,” Rich says. “On Target’s team, there are threat intelligence analysts who track criminals every day; engineers developing innovative software; and security teams testing our defenses to help us get better. And we try and expose our team members to a variety of jobs and skills so they can build new skills and experiences.”