Cyber Security Fraud in the Banking Industry: Lessons Learned in OCC Examiner Training
January 03, 2012, Rick Dakin, CEO, Co-founder and Chief Security Strategist
In late October 2011, Coalfire participated in a day of IT audit training with about 35 bank examiners. As you would expect, we covered a lot of previously hot topics. The conversation changed as we started talking about the amount of fraud being realized by community banks and credit unions.
Phishing Season: Spam on the rise
September 01, 2011, Mike Weber, Vice President, Coalfire Labs
Within the past two weeks there have been several reports on the increase in email spam, which can be directly correlated to an increase in phishing schemes and malware attacks. These attacks are frequently being delivered under the guise of legitimate business: they come in the form of shipment confirmations, credit card statements, and IRS alerts. They all request swift action to click a link or to read an attachment to address some pressing issue.
New Guidelines Address PCI DSS Tokenization
August 19, 2011, Bruce DeYoung
“Tokenization” is one of the best techniques to reduce the risk of credit card data loss. Basically, it is the process of substituting sensitive data with other values not considered sensitive. By doing this, tokenization technology essentially removes anything of value from the data stream, and, after all, what is not there cannot get stolen. This technique can be used with sensitive data of all kinds including financial transactions and medical records.
Mobile Application Security – The New Frontier
April 18, 2011, Bruce DeYoung
The power and popularity of consumer mobile computing is changing faster than you can say iFart (the #1 downloaded app worldwide). Commercial entities are rapidly adopting mobile-based applications for retail sales floors, restaurants and dining rooms, distributed mobile banking, and more.
Compliance and the Cloud
March 14, 2011, Tom McAndrew, EVP Commercial Services, Coalfire
“The Cloud” is a hot topic right now. Yet most people can’t even define what “the cloud” really is. As I talk to more companies who are considering the move, they all have two main concerns: security and compliance. Of course, security and compliance are key when it comes to cloud computing, but the question you really need to be asking is not, “Will I be secure and compliant if I move to the cloud?” but rather, “What do I need to do to be secure and compliant when I move to the cloud?”