Part 5: Executive Takeaways
It’s clear that while respondents are actively working to improve their cybersecurity, there’s still much to be done to find the right approach to robust security. These three takeaways can help SMB become more proactive and protected in their security stance.
Choose the right service provider
Entrusting your security to a third-party provider can be a great strategy, but only if that service provider can effectively protect your organization. There are a number of reasons to outsource security: access to advanced security tools and technologies, cost-effectiveness, and the need for scalability and flexibility to adapt to changing business needs.
As you begin to evaluate outsourced service providers, ask the following questions to be sure you’re getting what you need when you need it:
- What third-party technologies are they using, and how up-to-date are their solutions?
- How do they attract, retain, and train top-tier talent?
- How do they utilize threat intelligence, and how reliable are their analytics and threat hunting capabilities?
- Will you have direct platform access and transparency into managed operations delivered on your behalf?
- How do they securely collaborate and communicate with you?
Outsourced security providers can also help guide you through the CMMC compliance process and ensure that your systems are prepared for the unique threats to those serving the DIB.
Start with CMMC — then keep going
Any organization contracting with the DoD must meet their robust cybersecurity standards, which is why CMMC compliance isn’t just critical to protect an organization, it’s necessary for future business. This year, 71% have started the CMMC compliance process, yet 21% are compliant with Level 1, 17% are compliant with Level 2, and 12% are compliant with Level 3.
MSP/MSSP familiarity and competence with CMMC varies. Ensure that if entrusting readiness or required capabilities to an outsource provider, they have the requisite expertise and appropriate certifications (e..g, RPO, CCA). Ideally work with providers who themselves plan to become CMMC compliant.
Incorporate threat hunting into your capabilities
Move from reactive to proactive by incorporating threat hunting into your security activities. Respondents reported low to medium effectiveness in threat hunting (57%), threat investigation (56%), and threat monitoring (55%). Yet by training your team on how to use threat intelligence and how to threat hunt, you can increase your awareness of potential attacks.
Instead of waiting for an alert to trigger, threat hunters can recognize the markers of malicious activity and root it out before considerable damage can be done. Threat intelligence provides security teams with the knowledge about tactics, techniques, and procedures (TTPs) of malicious actors intent on targeting their organization so they can take action before an attack.
Conclusion
SMBs serving our Defense Industrial Base (DIB) contribute to America’s safety and advancement around the globe. Yet as long as nation-states around the world continue to target them, SMBs must take steps to ensure that their security capabilities can protect against infiltration and attack. With the right tools and technologies, they can instead put up a great defense and protect the future of American innovation.