Retail and Consumer Packaged Goods (CPG) SIG
Cyber threats to Consumer Packaged Goods (CPG) have been increasing in complexity and volume, probably due to a) the profitability of CPG industry and b) the technology employed which is a mix of traditional IT, OT (operational technology) and PoS (point-of-sale) -among others.
Existing sharing groups focus on the threat intelligence side (RH-ISAC); as FIRST.org CPG members we share the need to get together as incident responders and cyber threat management professionals, in order to share experiences, best practices and challenges to better protect our organizations.
Goals & Deliverables
- Meet regularly every month with a sufficient quorum of organizations joining the calls, so that added value is provided to attendees
- Create a constructive debate world-wide among CPG incident responders, digital forensics analysts, malware reverse engineers, vulnerability analysis (generically speaking – CSIRT members)
- Share best practices in terms of technology and processes
- Document best practices that are specific to CPG related incidents (affecting for example retail, supply chain, consumer services, food and beverages etc)
- Work with external vendors to tailor solutions (ticketing systems, cyber protection tools etc) to CPG industry needs when there are perceived gaps)
- Assist new CPG members in building a CSIRT capability
- Rafael Villoria Ferrer, Nestlé
- Jonathan Quesney, PepsiCo
Any FIRST member may join, others are welcome as well, requests must be approved by the SIG chairs.