Welcome to the EiQ Networks Blog

Five Critical Requirements for Securing the Internet of Things

Posted by John Linkous on Aug 14, 2017

As regular readers of the EiQ blog know, we’re suspicious of the Internet of Things (IoT), the massive collection of Internet-connected devices that don’t fall into the traditional “computer” category.  From “smart” energy meters, to in-car technology, to Internet-connected home appliances, the IoT is an incredibly broad spectrum of technologies that can gain value – in some cases, significant value, in other cases, more dubious – by connecting to other devices and networks.

Notes from the Field: Black Hat 2017

Posted by John Linkous on Jul 28, 2017

This week marked the annual descent of thousands of security professionals, hackers, security product vendors and journalists into 100-degree-plus weather in Las Vegas for the venerable Black Hat conference.  This week in Vegas always includes three significant security events: the community-minded B-Sides security conference early in the week, the deeply technical DefCon conference later in the week, and the most mainstream event – Black Hat – wedged in the middle.  All three events provide a forum for those involved in the security industry to get together and share exotic vulnerabilities and attack vectors, talk about the politics related to security (such as privacy and government monitoring), and in the case of Black Hat, see what tools and technologies vendors are coming up with to improve the security posture of organizations.

MDR vs. MSSP vs. Security as a Service

Posted by Kevin Landt on Jul 17, 2017

Managed Detection & Response, or MDR, has been generating some buzz in the security industry. Last year, Gartner created a separate category for MDR and started selling research papers. Vendors took notice and started marketing their services as MDR offerings. What does all of this mean to you?

Don’t Get Skimmed (or Scammed!): Three Steps to Protecting Your Credit and Debit Cards

Posted by John Linkous on Jul 10, 2017

Picture this: you walk up to an ATM that’s the same brand as your bank.  The ATM itself is in a well-lit area, there are lots of families walking around, and there’s even a police officer right on the corner.  Everything seems safe, right?  You slide your card into the ATM, conduct your transaction, and conclude your business as normal.

Five Steps to Compliance with New York’s New Financial Services Cybersecurity Rules

Posted by John Linkous on Jun 7, 2017

In early March, the State of New York’s Department of Financial Services (DFS) adopted a new set of rules in support of the state’s Financial Services Law.  Normally, this is not something that would be particularly newsworthy, as the DFS is chartered to implement rules of governance and management for financial services companies all the time; over the past few years, the DFS has issued rules regarding financial dispute resolution, debt collection, and even the use of Bitcoin and other virtual currencies.  What makes the March resolution – titled “23 NYCRR 500” – so interesting is that, for the first time, it defines specific cybersecurity governance requirements for all financial services companies operating in the state.  As you might expect, since New York City is one of the top three financial centers of the world, this ruling has a substantial impact.

Death, Taxes and Identity Theft: Protecting Your PII

Posted by John Linkous on May 22, 2017

The old adage goes, “there are only two certain things in life: death and taxes”.  Increasingly, however, it looks like identity theft needs to get added to that list.  Earlier this week, security blogger Brian Krebs reported that TALX, a division of Equifax (one of the “Big Three” credit bureaus), experienced a significant data breach of personally identifiable information (PII).  As is often the case in mass data theft scenarios, TALX was unable to identify the exact number of records or the scope of PII compromised.

Password Pain, and Three Solutions to Fix the Problem

Posted by John Linkous on May 12, 2017

Recently, social media giant Facebook announced that they are providing, free of charge, code to allow app developers to implement delegated account recovery.  This is effectively a more elegant replacement for the traditional “security questions” approach to resetting a password, which historically has required the user to set up a series of questions that (ostensibly) only they know the answer to.  However, a Microsoft survey from several years ago already identified that over 10% of those supposedly “secret” questions could be answered within five guesses by nearly anyone, and that participants forgot 20% of their security question responses within six months.

Three Things to Know About Cybersecurity Insurance

Posted by John Linkous on May 3, 2017

Recently, management consulting firm Deloitte identified that cybersecurity insurance, while currently only a small fraction of the overall market of insurance underwriting, is poised to dramatically increase over the next few years, potentially even tripling by 2020.  This is backed up by insurance giant Allianz, which has predicted that cybersecurity insurance will increase from its current $1.5-$3 billion in annual premiums to over $20 billion just a few years after that, in 2025.

Driving Security Accountability through DevSecOps

Posted by John Linkous on Apr 25, 2017

For those of you who have been reading the EiQ Networks blog on a regular basis, you know that one of the most fundamental and unyielding tenets of the security world that we frequently point out is this: functionality and performance always – and we mean always – trump security.  For developers of new software products, hardware technologies and the emerging world of IoT, the ability to get to market as quickly as possible is the most important thing a company can do, because it gets them a market position that turns into revenue.  Because security isn’t generally perceived by companies that make commercial software and hardware as something on which people make buying decisions, it’s usually relegated to a last-minute “bolt-on”, or simply addressed after vulnerabilities are discovered by users and security analysts after the product is released.  Even after disclosure of vulnerabilities, many companies either ignore these findings or back-burner patches and fixes until the next major release of their product.  One of the “dirty little secrets” of the industry is that certain, specific vendors (we won’t name names here… but they know who they are) have had gaping holes in their products for months and sometimes even years.  Sadly, this behavior among many companies is not likely to change.

A Tale of Two Security Vendors

Posted by John Linkous on Feb 28, 2017

Over the past two weeks, the security industry has seen disclosures (or in one case, a half-disclosure) by two security vendors of vulnerabilities within their own products.  In at least two of these cases, we know that these vulnerabilities could have led to a significant compromise of data and systems.  But what’s really interesting about these two vendors is how they responded to the discovery.
