May 04, 2021
What Star Wars Can Teach SMBs About Cyber Resilience Planning
Grand Moff Tarkin, one of the most feared and powerful leaders in the Galactic Empire, had sole command of the original Death Star, and even Darth Vader answered to his orders. He also was terrible at Empire Continuity Planning. Tarkin didn’t believe that a battle station the size of a small moon, with the power to blow up planets, had anything to fear from a rag-tag band of rebels.
Tarkin thought he was prepared for anything, but he definitely was not. That’s why the Death Star got smoked. So, what lessons can SMBs take from the Tarkin Blunder?
Lesson 1: Hire Or Partner With Experts
Tarkin made a show of soliciting the opinions of his command staff, and at least one, General Cassio Tagge, warned that, “If the Rebels have obtained a complete technical readout of this station, it is possible, however unlikely, they might find a weakness and exploit it.” Unfortunately, rather than listening to Tagge’s advice and taking appropriate actions, Tarkin allowed his staff to devolve into petty infighting and Force Chokes.
It’s your job to ensure that your company is cyber resilient—safe, secure, and operational. For some businesses, that means hiring (or training) disaster recovery and/or IT security personnel. If hiring in-house specialists is outside of your business’ budget, consider partnering with a managed service provider (MSP). Partnering with an MSP gives you access to the security and disaster recovery expertise you need at a fraction of the cost of hiring dedicated staff.
Lesson 2: Constantly Self-Assess Your Vulnerabilities (Before Someone Else Does)
General Tagge knew the stolen Death Star plans posed a risk, but Tarkin wasted resources prosecuting the rebels rather than analyzing the plans they stole to identify weaknesses. That thermal exhaust port clearly wasn’t too difficult to uncover, given that the rebel army tracked it down in less than a day on systems that could barely muster VGA graphics.
The best method to prepare for a disaster is to model the ways one is likely to affect your organization. Only then can you make adequate preparations. Developing cyber resilience requires a holistic approach that includes input from both business and technology stakeholders. Many MSPs are more than just technology providers. They actively collaborate with their clients to meet business objectives. MSPs are instrumental in building their clients’ cyber resilience.
Lesson 3: Be Prepared for Threats (Even the Crazy Ones)
As Rebel General Jan Dodonna remarked, “The Empire doesn’t consider a small, one-man fighter to be any threat. Or, they’d have a tighter defense.”
Even once the Rebel assault was underway, Tarkin refused to acknowledge that the Death Star was in danger. His last words were, well, ironic. Tarkin went down in flames—literally—because he could not accept the threat assessment of his staff, even as an ultimately successful attack was underway.
Cyber resilience relies on the successful ability to identify, protect, detect, respond, and recover quickly from any cyber attack and combines cyber security, business continuity, and incident response. One way for SMBs to build cyber resilience is to partner with an MSP that specializes in security and business continuity. At Datto, we provide tools that enable MSPs to increase their SMB clients' resilience against cyber threats.
Click here to learn more about how Datto contributes to the cyber resilience of MSPs and SMBs.
Happy Star Wars Day, and may the Force be with you!