Posted by Andrew Igel on Dec 4, 2018

Financial institutions face approximately 85 serious cyber attacks each year. Of these attacks, one-third succeed. While this may not seem like a large number, consider that these threats put people's money at risk each time.

Threats led to the introduction of the Federal Financial Institutions Examination Council (FFIEC). The FFIEC has created security guidelines since 1979. Security risks have changed and increased since the establishment of the guidelines.

That's why the FFIEC examination handbook gets updated regularly. These updates keep up with new risks and changing technology.

Posted by Trevan Marden on Jul 27, 2018

Yesterday’s reports showed that Amazon AWS continues to grow rapidly--up almost 50% for the last quarter over the quarter the year before. This reflects the steady move by companies adopting cloud infrastructure to realize cost savings, and particularly companies choosing AWS to deliver these services.

Posted by Trevan Marden on Jun 13, 2018

In a recent article for Forbes, Dave Lewis recalls an experience earlier in his career in which the physical access controls to production servers were completely undermined by lack of proper network segmentation. In the article, he notes that traditional network segmentation is now being replaced with movement towards “zero trust.” The concepts of “inside the network” versus “outside the network” are melting away as organizations steadily move towards cloud-based and hybrid infrastructures.

Posted by Trevan Marden on May 4, 2018

A few months back, I shared how to get a 24x7 SOC without hiring. Today, let’s talk more about why you can’t afford to wait to get a 24x7 SOC up and running.  Every company, no matter what industry or size, is now the target of cyberattacks. There is no organization immune from the threat posed by internal and external threats.  Smaller companies may be even more susceptible to the risks of security breaches, ransomware, and intellectual property theft, simply because they often lack the resources needed to properly monitor, identify incidents, and respond in a timely fashion.

Posted by Lydia Dwyer on Mar 22, 2018

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) have been touted as the cure-all to security and compliance woes. The most common type of system sits on the network and inspects all inbound packets. An IDS/IPS is designed to inspect incoming packets to see if they are part of a malicious attack and drop or alert on the packets which are. But like most technologies, IDS/IPS has numerous limitations and pitfalls that vendors of these systems don’t want you to know. When considering how best to protect your organization’s network and an IDS/IPS is in the running, you should consider the following five key limitations.

Posted by Security Steve on Nov 8, 2016

Each day IT equipment, servers, firewalls, and other hardware and software systems collect and store information in the form of logs. These logs are vast, and always contain a wealth of data that companies can use to analyze everything from how efficiently they are running their businesses to the state of their IT security.

While this information is critical, there's only one problem: It's often hard to decipher because, quite simply, there's just too darn much of it.

That's where log management tools come into play. Here are three major benefits of these tools:

Posted by Kevin Landt on Sep 22, 2016

The threat from cybercriminals is real, and credit unions must be on the constant lookout for potential breaches. These institutions are very vulnerable to cyber attacks because of their smaller size, and don't always have the IT infrastructure and resources to thwart cyber attacks like their larger counterparts, according to a new 2016 Beazley Breach Response Insights report.

"You're being tested every day, whether you realize it or not," said David Luchtel, Vice President of IT Infrastructure and Operations at WSECU, according to Credit Union Times.

Posted by Security Steve on Sep 21, 2016

We’ve written recently about the importance of moving your IT security to the cloud and the business benefits of doing so, as well as burst some myths that surround cloud-based security. The fact of the matter is that vendors such as Amazon Web Services provide “a data center and network architecture built to meet the requirements of the most security-sensitive organizations. An advantage of the AWS cloud is that it allows customers to scale and innovate, while maintaining a secure environment. Customers pay only for the services they use, meaning that you can have the security you need, but without the upfront expenses, and at a lower cost than in an on-premises environment,” according to the company’s website.

Posted by Security Steve on Sep 7, 2016

When it comes to cybersecurity, companies today typically have three options:

• Do nothing or the bare minimum, and hope that cyber attackers don’t find you.
• Keep your current cybersecurity posture as is, without consistent updating or monitoring (and hope cyber attackers don’t find you!).
• Consider EiQ’s hybrid security as a service to identify threats and vulnerabilities, mitigate risk, and achieve compliance. 

Let’s look at each of these options.

Posted by Trevan Marden on Aug 9, 2016

We’ve recently written a number of posts about the role that passwords and strong authentication methods play in security. Locking down logins and implementing access controls has long been a cornerstone of information security. Most information security professional understand the factors that make passwords strong. For a quick refresher, check out our recent post on the subject. In short, a strong password is typically very long; includes numbers, mixed case, and special characters; includes no words or discernible patterns and is definitely not your pet’s name. You should also never reuse the password or use the same password across multiple systems.