Capital One Fraud Seminar Recap
October 26, 2017, Michael Pitcher, Vice President, Cyber Engineering, Coalfire
Recently, I was honored to be invited as a panelist at a recent seminar hosted by Capital One Spark Business to share some views on fraud prevention and cybersecurity with their customers. I was joined by a few other industry experts, Gerald Glickman, a Manager of Capital One’s Fraud Analysis team, and Jennifer Smith, who led the Cybersecurity and Data Privacy group at the Shulman, Rogers, Gandal, Pordy & Ecker law firm, to round out a diverse group from various parts of the industry. Each of us deals with fraud daily, but we have very different roles: Jennifer on the litigation side, Gerald from inside a bank, and myself from the technical perspective.
New York State Implements Cybersecurity Regulation 23 NYCRR 500
March 02, 2017, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
On March 1st, 2017, sweeping new cybersecurity requirements were placed on organizations regulated by the New York State Department of Financial Services. The law applies to a broad set of ‘covered entities’ that are supervised by the NYDFS, including banks, trusts, budget planners, check cashers, credit unions, money transmitters, licensed lenders, mortgage brokers or bankers, and insurance companies that do business in New York. While large entities most likely meet these requirements already, and very small entities are exempted from some of the requirements, mid-market firms will be challenged to meet aggressive implementation timelines.
Yahoo / Verizon: A $1B Data Breach Discount?
November 11, 2016, Bob Post, Senior Practice Director, Cyber Risk Advisory, Coalfire
In July of this year, Verizon announced it was going to buy Yahoo for $4.8B. A few weeks later, Yahoo started investigating a potential data breach of around 200 million records that were for sale on the Dark Web. In mid-September, Yahoo disclosed that sometime in 2014, they were attacked and roughly 500 million user accounts were compromised. A couple of days later, Verizon said this was the first they’d heard of this and that the event may have a “material impact” on the purchase deal. By October, news reports circulated that Verizon may ask for a $1B discount off the purchase price.
What does the FBI have to say about ransomware?
October 03, 2016, Tom Glaser, Healthcare Solutions Architect, Coalfire
The FBI provided guidance on ransomware at a recent FBI/US Secret Service/ISAC event. They defined ransomware as a type of malware that is commonly transmitted through malicious email, which is disguised to look normal. Once the email link has been clicked on, or an email attachment has been opened, the malware installs on the computer. After installation is completed, files on the computer become locked using encryption and cannot be opened without the key. A ransom message is then displayed with information on how to pay the ransom.
One Way to Boost Proactive Cybersecurity
June 30, 2016, Chip Coy, Solution Architect
It’s clear from media articles that new CISOs need to make an immediate impact on their organization’s security program in the first 90 days with action items such as “make a quarterly plan for the next year”.