Posted by Andrew Igel on Dec 4, 2018

Financial institutions face approximately 85 serious cyber attacks each year. Of these attacks, one-third succeed. While this may not seem like a large number, consider that these threats put people's money at risk each time.

Threats led to the introduction of the Federal Financial Institutions Examination Council (FFIEC). The FFIEC has created security guidelines since 1979. Security risks have changed and increased since the establishment of the guidelines.

That's why the FFIEC examination handbook gets updated regularly. These updates keep up with new risks and changing technology.

Posted by Trevan Marden on Aug 3, 2018

We’ve seen all too often that the cause of the major breaches we see in the news is failure by the organization to patch a software vulnerability for which a patch has long been available. As a result, more and more organizations are looking for solutions that help make the process of identifying and deploying patches easier and more automated. If you’re looking for a solution for patch management, here are four things to consider:

Posted by Trevan Marden on Aug 1, 2018

The quick answer is probably yes, wherever you can.

Google recently announced that since deploying physical security fobs to all of its employees, none had been successfully phished on work-related accounts. Google also announced plans to introduce its own hardware fobs – the Titan Security Key, although they look suspiciously identical to those currently offered by Feitian. This may be the endorsement needed to force greater support for the U2F standard which employs a physical fob to generate authentication tokens as a second factor.

Posted by Trevan Marden on Jul 27, 2018

Yesterday’s reports showed that Amazon AWS continues to grow rapidly--up almost 50% for the last quarter over the quarter the year before. This reflects the steady move by companies adopting cloud infrastructure to realize cost savings, and particularly companies choosing AWS to deliver these services.

Posted by Trevan Marden on Jul 25, 2018

Lydia Dwyer on our Product Management team tipped me off to a recent report released by IntSights that revealed that the financial industry is now the most-attacked industry by cybercriminals and that that the volume of security incidents continues to grow. 

Posted by Trevan Marden on Jul 23, 2018

Managed detection and response helps solve the needs of organizations who lack resources and enables organizations to better detect and respond to threats. MDR services complement an organization’s own IT or security team to help provide the extra eyes for 24x7 coverage along with security expertise and guidance for remediating potential security incidents that are detected. However, not all services provide the same features. So, it’s important to ask these four questions when looking at managed detection and response solutions.

Posted by Jack Gill on Jul 20, 2018

With Black Hat USA  2018 coming up in a few short weeks, it seems like a good time to unpack the results of their 2018 USA Attendance Survey. The survey was distributed to anyone who either attended the 2017 conference or expressed interest in visiting the 2018 session. The report covers topics from updated office policies on Facebook use to approval of President Trump, and these are what we at Cygilant thought were the most important. We are most interested to know how information security professionals are spending their time and what they’re not looking forward to combating in the next year.

Posted by Trevan Marden on Jul 18, 2018

A report from Gartner announced this week on DarkReading found that nearly one out of three companies don’t have on-staff cybersecurity expertise. Gartner research director Rob McMillan and principal research analyst Sam Olyaei compiled the 2018 CIO Agenda Survey from over 3,000 respondents the article said. And while more organizations have cybersecurity staff than previous years, one third are still lacking a dedicated resource.

Posted by Trevan Marden on Jul 13, 2018

With so many data breaches in the news, organization everywhere are reviewing their cybersecurity programs to ensure they stay out of the headlines. Since many high-profile data breaches have been caused by unaddressed vulnerabilities for which patches were available, organizations are increasingly looking to deploy solutions to help close these gaps.

How does vulnerability management help prevent hacks? 

Posted by Trevan Marden on Jul 11, 2018

This week, an article on Healthcare Info Security pointed me to the Department of Health and Human Services' Office for Civil Rights' latest monthly newsletter which reminded HIPAA-covered healthcare organizations that software patching was a critical step in securing their networks and offered some advice about the tools and processes to implement. As the article points out, the advice applies to nearly all organizations, not just those in the healthcare sector, but it can be difficult for organizations to put into practice.