Stars-image

Blog

Welcome to Silent Sector's blog, news, and resource area.

Haidon Storro

Haidon Storro
Cybersecurity Research & Content Manager, Silent Sector -- Haidon Storro is a Cyber Security Analyst for CVS Health. She has her BS in IT Cyber Security as well as security certifications like CompTIA Security+ and ISC2. While Haidon is newer to the security community, she has dedicated herself to learning as much as she can through internships, online courses, and conventions like DefCon. In her free time, she enjoys reading about new advancements in technology, going to security meetups and participating in cyber defense competitions. One of Haidon’s goals is to make the connected world safer by bridging the human aspect with technology.

Recent Posts

0 Comments

Credit Union Cyber Risk Assessments - NCUA Risk Assessment

Wouldn’t it be a dream come true if you could predict the future and know what market changes, natural disasters (or pandemics), and cyber threats will occur around your organization? While we don’t have a hack for this, we do know a risk assessment helps prepare your organization for any unforeseen circumstances such as these.

Read More
0 Comments

Business Email Compromise - Over Half of All Cybercrime Losses

They say, “rules are meant to be broken,” but in the case of a cybercriminal, rules are meant to be created… Email rules that is. A new twist on the age-old email phishing tactic has enabled attackers to cause over $1.7 billion in losses since 2019. Business Email Compromise (BEC) scams account for more than half of all losses according to the FBI’s Cyber Crime Report.

Read More
0 Comments

2021 The Year of CMMC

New year, new business contracts, right? Ever since the Department of Defense (DoD) introduced its new Cybersecurity Maturity Model Certification (CMMC) program there has been a ton of uncertainty. Many contractors are idling in a learning mode to see how it plays out. Unfortunately, those who still want to do business with the federal government will find themselves at a crossroads in 2021.

Read More
0 Comments

NIST SP 800-171a vs. CMMC

Government contractors today are constantly under the scrutiny of security compliance. After all, breaching a government contractor is an efficient path to stealing valuable U.S economic as well as national security information. These attaches are actively carried out by nation-state threat actors. Several years ago, the Department of Defense (DoD) worked with the National Institute of Standards and Technology (NIST) to create a security manual to address this issue- it was titled NIST SP 800-171. However, implementing NIST SP 800-171 has proved difficult as fulfilling its requirement can be costly and almost unattainable for contractors with low cyber literacy. This year the Cybersecurity Maturity Model Certification (CMMC) was released to revamp the existing requirements for DoD contractors and help address the complications associated with NIST SP 800-171.

Read More
0 Comments

3 Ways a SOC 2 Audit Stimulates Business Growth

A service organization control audit, or SOC 2 audit, provides a report on an organization’s security controls. There are two types of SOC 2 reports, Type I and Type II, which we have touched on in other posts. Here we’ll discuss why B2B tech companies of all sizes are pursuing SOC 2 audits more than ever before.

On the surface, a SOC 2 certification may sound like just another flashy security badge or boring report that management reads. However, having a successful SOC 2 has been proven to be an asset, supporting company growth by helping organizations land enterprise contracts, grow revenue, and increase their market share.

Read More
0 Comments

An Overview of CMMC for Defense Contractors

Data exfiltration is a growing concern among businesses and governments alike. After all, data is the most valuable asset second to people that an organization has. The Cybersecurity Maturity Model Certification (CMMC) is the government’s response to data exfiltration. It’s an attempt to bolster cybersecurity among the defense industrial base (DIB) and is becoming a requirement for defense contractors performing work for the Department of Defense (DoD).

Read More
0 Comments

Preparing for a NIST Risk Assessment

Regardless of your organization’s security posture, a NIST cyber risk assessment can add immense value to your business. The National Institute of Standards and Technology, or more commonly known as NIST, is a non-regulatory federal agency that develops standards for a plethora of commonly relied on services and products.

Read More
0 Comments

Despite the increase of cyber security awareness, employees are still neglecting security policies

Security awareness increasing, but numbers show employees are still not listening

Read More
0 Comments

SOC 2 Audit Process and Best Practices

Wondering what to expect as you go through your first SOC 2 Audit?  This post covers each step of the process.  At every step, keep in mind that the entire goal of the SOC 2 audit is to measure how well your organization handles its business processes, users, data (proprietary, customer, etc.). A SOC 2 security audit can help your company demonstrate it has applied the best control mechanism to assure security, availability, processing integrity, confidentiality, and privacy of client data. This then generates trust and confidence from inquiring vendors and prospective customers.

Read More
0 Comments

Hacktivism and the Rise in DDoS Attacks

It is no secret that many protests have erupted after the death last month of George Floyd. However, a lesser-known fact is that a significant amount of online protesting has also emerged. This blog aims to focus on how protestors and various social organizations are using hacking as a vehicle to accomplish their objectives. The term ‘hacktivist” is used to describe cyber threat actors who are politically motivated.

Read More