Request a Demo
Welcome to the Cygilant Blog

SMS Not Recommended for Two-Factor Authentication Says NIST

Posted by Trevan Marden on Jul 29, 2016

In recent years, two-factor authentication has rapidly become a standard best practice for securing accounts. One of the most common ways to implement this is through SMS messages sent to a cell phone. For example, if you enable two-factor authentication for a Google account, when you try to log in with your password from a new computer or other device, Google will send a text to your cell phone with a code you’ll need to enter on the login screen to verify that along with having the correct password, you also have physical access to the associated cell phone for the account.  That sounds good. But, recently, flaws in the SMS system have been uncovered that render this method of two-factor authentication inadvisable. In fact, the National Institute of Standards and Technology (NIST) will recommend against its use as a two-factor method.

Do You Have $4,000,000 With Which You’re Willing to Part?

Posted by Shawn O'Brien on Jun 30, 2016

 

Mistakes in the cybersecurity world have become a lot more expensive, particularly if you suffer a data breach. A new study done by the Ponemon Institute for IBM concluded that security breach costs $4 million per incident in 2016, a 29% increase from 2013. Furthermore, stolen records have climbed in cost as well, with the average loss per record now standing at $158. Stolen healthcare records have also risen dramatically, now $355 per record, up $100 from 2013. Additionally, the study revealed that the average time to identify a breach is now 201 days, and the average time to contain a breach is 70 days. Breaches identified in fewer than 100 days cost companies an average of $3.23 million and breaches found after 100 days cost considerably more, at an average of $4.38 million.

5 Takeaways From The 2016 Verizon DBIR

Posted by Trevan Marden on May 10, 2016

The Verizon 2016 Data Breach Investigations Report details findings pulled from a sampling of more than 100,000 incidents and 2,260 data breaches. The 85-page report is certainly worth a read for anyone interested in information security. For those in a hurry, here are a few of the key points I saw:

How to Bolster Your IT Security Program

Posted by Security Steve on Feb 23, 2016

With today’s elevated security threat level and related economic impact, it makes sense to do everything you can to secure your organization’s servers, desktops, and devices. How do you keep the bad guys out while securing and enabling day-to-day business? Many companies use SIEM tools for threat detection, compliance, and asset protection. I’d like to suggest a couple of additional layers of security.

 

An effective security program is a balance of people, process, and technology. When evaluating an IT security monitoring solution, it is important to consider each of these areas in the decision-making process. Your organization also needs to determine which areas should be handled internally and which should be co-managed with a trusted partner. Let’s take a look at each:

 

SMEs Will Become Even Bigger Targets of Cyber Attacks in 2016: 3 Options They Can Pursue

Posted by Shawn O'Brien on Feb 12, 2016

 

 

The 2015 cyber attacks on SMEs may be in the past, but the damages caused by these hundreds of security breaches have left their digital scars for good. And at the rate that cyber attacks occurred in 2015, we know that 2016 is going to get even worse. What this means for vulnerable SMEs is another year of fending off countless sophisticated cyber attacks and hoping to not become the next data breach in the news. Hackers know that SMEs tend to have weaker defenses than larger organizations, usually due to lack of financial and human resources. They also know that there is a wealth of customer data and intellectual property hiding behind easily penetrable defenses within these SMEs that can be a route to a bigger score (particularly if the SMEs contract with larger companies, who may be harder to penetrate directly). So if big enterprise companies such as Sony Pictures Entertainment, Hilton Hotels, and Anthem Inc. can’t protect themselves, what’s an SME to do in such a volatile world? Below are 3 options for SMEs to pursue to enhance their cybersecurity posture in 2016.

How to Elevate Your Security Visibility with SOCVue

Posted by Security Steve on Jan 11, 2016

 

To defend an organization's cybersecurity, it is essential to be able to see the threats. If IT personnel can't detect hackers' efforts, the organization may be caught off guard when an attack hits their servers. But with good security visibility, tech staffs are empowered to protect business assets.

 

Transforming IT Security at Mid-Market Organizations

Posted by Security Steve on Jan 5, 2016

If you are like most IT professionals these days, you are no doubt juggling an increasingly complex security landscape while struggling to stay up-to-date with the latest tools and techniques.

 

This can add up to an incredible amount of unproductive time. In fact, according to IDC, 35% of organizations spend more than 500 hours a month just reviewing security alerts, and The Ponemon Institute has revealed that some organizations waste a staggering 395 hours per week on average just investigating false positives!

 

Don't Waste Your Money on SIEM

Posted by Kevin Landt on Dec 18, 2015

Security information and event management (SIEM) can be an effective solution for repelling and remediating cyber attacks, but if deployed poorly, it can be a waste of money. In a webcast recording from the 2015 SC Magazine SIEM eSymposium, EiQ Product Manager Kevin Landt discusses four ways you're wasting your money on SIEM, the criteria for determining SIEM’s necessity, three considerations for SIEM deployment, and EiQ’s relevant services.

Security Monitoring Buyer's Guide: How to Choose the Best Solution for Your Company

Posted by Shawn O'Brien on Dec 7, 2015

Choosing between solutions for network security monitoring and other cybersecurity measures means evaluating competing products to determine which will provide the best results for an organization. EiQ's Security Monitoring Buyer's Guide offers recommendations for informed decision-making. The guide addresses three areas: technology, people, and process. It also introduces SOCVue, EiQ's security monitoring service, and offers five important reasons why SOCVue is useful to any organization. We've pulled together a summary of the main points:

Are You Prepared for the FFIEC Examinations?

Posted by Trevan Marden on Oct 5, 2015

We’ve been having a lot of conversations recently with banks and financial organizations about not only meeting GLBA and PCI-DSS requirements, but also making sure they are prepared for the FFIEC examinations. On the heels of the release of the FFIEC Cybersecurity Assessment Tool this summer, financial organizations are recognizing shortcomings and gaps with their current security processes and systems and looking for ways to correct the issues within constraints of limited budgets, time, and other resources.

Subscribe to Email Updates

Experience how Cygilant SOCVue and 24x7 GSOC Team can help detect threats, prioritize vulnerabilities and apply patches.

Request a Demo

Most Popular Posts

Posts by Topic

See All