Blog

In early May of 2019, Microsoft reported that a new security vulnerability had been discovered and could be a tremendous threat to their users. The bug was originally detected by the United Kingdom’s National Cyber Security Centre. Officially tracked “CVE-2019-0708”, but referred to as “BlueKeep”, this exploit is a remote code execution vulnerability that is present in Remote Desktop Services.

The below commentary is an excerpt from a longer white paper being produced by the Silent Sector team on how to hire and retain quality security, and by extension, IT resources.  This excerpt addresses compensation.

Cyber-crime is here to stay. Neither technology, compliance frameworks, nor government regulation will stop the threat.  It is a fight we didn’t choose but has forced business leaders to take new measures to protect their organizations. 

Penetration testing is now a permanent requirement in most governance frameworks from NIST to PCI DSS, making it a mandatory step in the annual budgets and operations. While most understand a penetration test is necessary in order to meet their client and regulatory requirements for the year, there is little knowledge on what these tests actually accomplish for the organization and how they are conducted.  In addition, an industry-wide consensus of what defines a true penetration test does not exist, creating further confusion. 

The proliferation and race to market for newer, better, and more stable security tools has thoroughly saturated the IT world. Who hasn’t walked through a trade show and seen booth after booth of the latest and greatest tools? 

The hustle and bustle of the holidays make them an ideal time for cyber-criminals to attack. Cybersecurity firms deal with increased threats during this season, and Silent Sector offers tips to protect your personal data and devices.

As workplaces face increasing violence and cybersecurity threats, two southwestern companies partner to bring Special Forces expertise from the battlefield into the boardroom to protect America’s small and midsize businesses.

While there are an abundance of reasons to enforce cybersecurity requirements, it doesn't take long to understand why the DoD is concerned about even the smallest subcontractor's security posture.

If you are an American citizen over the age of 30, it is almost guaranteed that your home address, date of birth, social security information, and much more personally identifiable information (PII) is already exposed and being sold on the darkweb.  While PII and credit card data is not quite a "dime a dozen", it's almost there.  Nowadays, your personal data is packaged with others' and is a commodity available in bulk to any cyber criminals wanting it.

Small and midsize businesses (SMB's) are the backbone of our economy.  They account for the majority of U.S. employment, provide most of the goods and services we use, and are absolutely essential for our way of life to exist.  We all recognize many of the names of the largest companies, but it is important to realize that they are supported by a supply chain of SMB's.

Unfortunately, an incredible misunderstanding exists among SMB's when it comes to their cybersecurity.  Even in 2018, many SMB executives still believe their companies are not exposed to the same cyber threats that large companies recognize.

As a country, we need to have a fundamental shift in our thinking around business risks related to technology.  We must embrace technology, as it is an absolute requirement that we leverage it as much as possible.  However, SMB leadership must accept the fact that cybersecurity is as much of a requirement as having insurance policies and basic accounting procedures.

These are the four most common cybersecurity myths among SMB's: