The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Capital One Fraud Seminar Recap

    October 26, 2017, Michael Pitcher, Vice President, Cyber Engineering, Coalfire

    Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital One’s Fraud Analysis team, and Jennifer Smith, who led the Cybersecurity and Data Privacy group at the Shulman, Rogers, Gandal, Pordy & Ecker law firm, to round out a diverse group from various parts of the industry. Each of us deal with fraud daily, but we have very different roles: Jennifer on the litigation side, Gerald from inside a bank, and myself from the technical perspective. Read more
  • New York State Implements Cybersecurity Regulation 23 NYCRR 500

    March 02, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already -- and very small entities are exempted from some of the requirements --, mid-market firms will be challenged to meet aggressive implementation timelines.

    Read more
  • Yahoo / Verizon: A $1B Data Breach Discount?

    November 11, 2016, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire

    In July of this year Verizon announced it was going to buy Yahoo for $4.8B.  A few weeks later, Yahoo starts investigating a potential data breach of around 200 million records that were for sale on the Dark Web.  In mid-September, Yahoo discloses that sometime in 2014, they were attacked and roughly 500 million user accounts were compromised.  A couple of days later, Verizon says this is the first they’ve heard of this and that event may have a “material impact” on the purchase deal.  By October news reports circulate that Verizon may ask for a $1B discount off the purchase price.

    Read more
  • What does the FBI have to say about ransomware

    October 03, 2016, Tom Glaser, Healthcare Solutions Architect, Coalfire

    The FBI provided guidance on ransomware at a recent FBI/US Secret Service/ISAC event.  They defined ransomware as a type of malware that is commonly transmitted through malicious email, which is disguised to look normal.  Once the email link has been clicked on, or an email attachment has been opened, the malware installs on the computer.  After installation is completed, files on the computer become locked using encryption and cannot be opened without the key.  A ransom message is then displayed with information on how to pay the ransom.

    Read more
  • One Way to Boost Proactive Cybersecurity

    June 30, 2016, Chip Coy, Solution Architect

    It’s clear from media articles that new CISOs need to make an immediate impact on their organization’s security program in the first 90 days with action items such as “make a quarterly plan for the next year”.

    Read more
  • Displaying results 1-5 (of 20)
     |<  < 1 - 2 - 3 - 4  >  >| 

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags