New SEC Cyber Risk Disclosure Guidance: What Does It Mean for Public Companies?
February 28, 2018, Nick Son, Vice President, Cyber Risk Services, Coalfire
On February 21, the U.S. Securities and Exchange Commission (SEC) issued the long overdue cybersecurity interpretive guidance to address the methods and timing of cybersecurity risks and incidents disclosures. To signify the importance of this updated guidance, five SEC commissioners issued the guidance. The new guidance does not change any of the existing SEC rules, but it does address two new topics.
The Spectre of Chips on Meltdown
January 05, 2018, Victor Teissler, Security Associate, Coalfire
The news is rife with emerging details of Intel and other chip vulnerabilities and the hardware bugs that can potentially exploit them. While details are still developing and will likely continue to be uncovered in the days, weeks, and even months ahead, we will explore what is known to date.
How You Respond Can Make All the Difference
October 02, 2017, Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire
(Part Three of a Three Part Series)
As the narrative on the Equifax compromise evolves, the general public, politicians, and speculators continue to seek blame for what happened. Was it an unpatched vulnerability? Was Equifax not following proper configuration management? Was management derelict in their duties? At this point, the damage of leaking records including the personally identifiable information (PII) of 143 million people is done. However, it might be a good to look at what could have been done differently to reduce impact to the organization.
The Value of Governance in Minimizing Cybersecurity Incidents
September 27, 2017, Michael Addo-Yobo, Managing Principal, Cyber Risk Advisory, Coalfire
(Part Two of a Three Part Series)
Since Equifax’s September 15th statement about their well-publicized, broadly discussed major security incident, Coalfire has fielded multiple inquiries from clients who are wondering if such an incident could happen to them, and if there is anything that they can do to better protect and prepare themselves. While every situation is different, one thing is clear: cyber risk management ought to be a top priority for every enterprise, and that priority should be established and enforced through cybersecurity governance.
Protecting Confidential Data: You May Not Be as Secure as You Think
September 19, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
(Part One of a Three Part Series)
Unless you have been out of the country or otherwise shunning the news, you have likely heard that on September 7th and again on September 15th, Equifax reported that it suffered a security incident from May 13th through July 30th, 2017. This breach is broad reaching in its individual exposure and potential future impacts, having potentially exposed the personally identifiable information (PII) of roughly 143 million U.S. consumers, including names, Social Security numbers, birth dates and, in some instances, drivers’ license numbers. The company also reported losses related to consumer credit card data, PII on dispute documents and limited PII for certain U.K. and Canadian residents.