Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
01:00 PM
Ryan Weeks
Ryan Weeks
Connect Directly
E-Mail vvv

Cyber Resilience: The Emerald City of the Security World

Small and midsize businesses and managed service providers must use their heart, brain, and courage as they follow the Yellow Brick Road to cyber resilience.

The need for cyber resilience has reached critical levels. But cyber resilience isn't a destination; it's "not a place you can get to by boat or a train." It is the Emerald City of the security world — somewhere you aspire to reach, only to get there and realize there is so much more to learn and do. And, just like Dorothy and Toto, managed service providers (MSPs) and small and midsized businesses (SMBs) need to start at the beginning: educate their people, evolve their processes, and revisit their security infrastructure. Only then they can achieve a gold standard of cyber resilience.

With cyberattacks on the rise, up 400% compared with before COVID, it is no longer a matter of if an attack will occur, but when. In fact, 95% of MSPs state that their businesses are increasingly targeted by attacks, and 78% of MSPs reported attacks against SMBs they served in the last two years. Among those attacks, ransomware (flying monkeys) deployed by threat actors (wicked witches) remains the most common cyber threat to SMBs today.

Related Content:

Augmenting SMB Defense Strategies With MITRE ATT&CK: A Primer

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: How Are Cyber Insurance Companies Assessing Ransomware Risk?

Follow the Yellow Brick Road
As the threat landscape continues to evolve, it is critical that MSPs and SMBs follow the Yellow Brick Road on their journey to cyber resilience. Cyber resilience is a measure of business strength in the preparation for, operations during, and recovery from the eventuality of a cyberattack. It relies on the ability to protect, detect, respond, and recover quickly from an adverse event and combines cybersecurity, business continuity, and incident response.

To attain and maintain cyber resilience, organizations must look at foundational frameworks and concepts. Only with a combination of capabilities within cybersecurity, business continuity, and incident response can organizations build maturity and reduce overall cyber-risk. Like the Tin Man, Scarecrow, and Cowardly Lion, each organization is at a different stage on the Yellow Brick Road, with different gaps to fill.

Here are three ways MSPs and SMBs can address gaps within their organization to build and strengthen cyber resilience: 

1. Talent Is the Heart of Every Organization
Just as the Tin Man wants a heart, MSPs and SMBs need proper talent to be complete. They must equip their teams with the skills needed to fend off attackers and prepare for the eventuality of an incident. There are two strategies to consider, and both involve bringing in proper talent to help make informed security decisions.

The first approach starts with the hiring process. MSPs should update their job descriptions and requirements to reflect the need for a basic level of understanding about security and security-related tasks. For instance, for a help-desk engineer role, 70% of the job description could reflect tech-related work while 30% is designated for security-related assignments.

SMBs should consider a co-managed approach where organizations outsource talent to add cyber maturity to the team. Co-managed IT blends the convenience and strategic framework of an internal IT department with the support and comprehensive knowledge of an outsourced MSP. This can serve as a cost-effective approach to addressing the security talent gap that often lies within smaller organizations that lack the proper resources and talent to navigate the increasingly complex IT landscape.

Credit: bbsferrari via Adobe Stock
Credit: bbsferrari via Adobe Stock

2. The Brains of Any Operation Starts With Process
Like the Scarecrow without a brain, an organization without the right processes in place can't make intelligent cyber-related decisions. Organizations must identify what is working and what isn't within their current security strategy to determine what actions are and are not repeatable and what is or is not measurable.

Several frameworks are available to help companies construct their cybersecurity strategies. The most common are the National Institute of Standards and Technology (NIST) Cybersecurity Framework and CIS Controls. The NIST Cybersecurity Framework is not a prescriptive framework, but it does help companies identify the outcomes to achieve cyber resilience. From there, organizations can determine what they need to do to reach those outcomes.

The CIS Controls are prescriptive and tell organizations what to do to achieve cyber resilience. They focus heavily on technology that primarily maps back to identity, protection, and detection. To be cyber resilient, organizations also need to focus on the "right of boom," the activities necessary to respond and recover after a successful attack.

The solution? Combine the NIST Cybersecurity Framework and CIS Controls, as this gives organizations the brains to reach the gold standard of cyber resilience.

3. Confidence Comes Naturally With a Strong Technology Infrastructure
Organizations like the Cowardly Lion — which lack the proper technology to identify, protect, detect, respond to, and recover from an attack — can't confidentiality operate with an "assume-breach" mentality.

Once their heart and brains are intact, SMBs and MSPs can gain courage by putting the technology in place to ensure they can operate to their full potential and address technology gaps. This could include adding remote monitoring and management capabilities and a business continuity and disaster recovery solution. With downtime costs nearly 50 times greater than the average ransom requested in 2020, the ability to recover quickly from an attack is imperative. By preparing, organizations can rest assured that when an attack occurs, they are equipped with the "legion of courage" to detect, respond, and recover in a timely manner.

Unlike Dorothy's bad dream, threat actors (wicked witches) and ransomware attacks (flying monkeys) aren't just in our nightmares. They are real and will continue to exploit the vulnerable. MSPs and SMBs that prioritize people (the heart), process (the brain), and technology (the courage) will be equipped with the necessary cybersecurity and robust capabilities to achieve a gold standard of cyber resilience and enable optimal detection, response, and recovery when an incident occurs.

As Chief Information Security Officer (CISO), Ryan Weeks is responsible for directing and managing Datto's Information Security program. Ryan spent 11 years securing enterprise applications, systems, and sensitive customer financial data at FactSet Research Systems, where he ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...