What cybersecurity trends stand out as we enter Q2 of 2023? And what implications do these developments have for managed service providers (MSPs)?
In this post, we take a closer look at the events that are defining our current moment, from the intensifying focus on cybersecurity among business executives to the adoption of the zero trust security model.
5 cybersecurity trends MSPs should monitor
1. Companies Up the Focus on Cybersecurity Technology
The potential devastating impact of a data breach has not gone unnoticed among the C-suite. TechTarget reports the conviction of the former Uber CSO in a breach cover-up case has put high-level executives on edge and is expected to further fuel investments in cybersecurity technology.
Jay Pasteris, CIO and chief information security officer at GreenPages, an MSP in Kittery, Maine, commented in the article:
"They are now facing fines and potential jail time for their lack of security preparation. That's changing the market where security was already a fast-growing sector. With an ever-increasing threat landscape, cybersecurity has become a board-level conversation where assessing readiness, reducing attack surface and managing cyber insurance have become highly visible activities.”
He continued, “I expect to see continued pressure on executive boards, where they're holding a responsibility to ensure that their business has the right security posture in place, the right security programs in place and the right security funding in place."
Spending is going up
In fact, the "2023 Technology Spending Intentions Survey" by Enterprise Strategy Group (ESG) found cybersecurity continues to be the top technology area where organizations plan to increase their spending over the next 12 months. The survey, which polled 742 senior IT professionals in November 2022, revealed that approximately two-thirds of respondents have earmarked cybersecurity for increased investment.
This finding is consistent with last year's report, where cybersecurity ranked as the top area for increased spending. It also aligns with actual spending figures — the network security market grew 17% in the third quarter of 2022 and is expected to expand, with the hybrid workforce contributing to the increase, according to Dell'Oro Group, a market research firm.
2. Permanence of hybrid work bring new considerations
One of the most significant cybersecurity trends of recent years is the rise of remote workforces. Initially a “triage situation,” the work-from-home culture has taken hold, raising the stakes for MSPs that need to consider security requirements that extend from the corporate office, to the cloud, to WFH employees.
In addition to securing remote access tools, MSPs must also address vulnerabilities in other areas of the IT environment that may be exposed by remote work. For example, employees may be using personal devices to access company data and systems. The use of such devices increases the attack surface and underscores the importance of vulnerability assessments to identify any security gaps that could put the MSP customer at risk of a breach.
The challenge lies in striking a balance between multilayer security and avoiding security protocols that may negatively impact employee experience. For instance, the security demands of executives who need a boardroom-like experience with multiple access points and switches are different from those of a task worker. This requires tailored investments and potentially a range of tools to address specific vulnerabilities and risks.
3. Human factor remains a big issue for data breaches
Despite advances in technology and security protocols, the human element remains a major factor in cybersecurity breaches. Social engineering tactics, such as phishing scams, continue to be an effective way for cybercriminals to gain access to sensitive data. Even with training and education, users may still fall for these tactics or inadvertently expose data due to human error.
The "2022 Verizon Breach Investigations Report" showed as much as 82% of breaches can be attributed to human error. This includes actions such as misconfigured settings, misdelivery of sensitive information, and employee mistakes. The report emphasizes the need for organizations to implement comprehensive security measures that address the human element in addition to technological vulnerabilities.
A key feature of such measures includes a vulnerability assessment that can detect and address security gaps in systems and applications, including weak passwords, misconfigurations, and more.
4. Cyberattacks grow increasingly sophisticated
In recent years, cyberattacks have become more sophisticated and widespread. Attackers are using advanced techniques such as artificial intelligence (AI) and machine learning (ML) to bypass traditional security measures and gain access to sensitive data. Ransomware attacks, in particular, have seen a sharp rise with increasingly destructive results as attackers have gone after critical infrastructure and demanding large sums of money to release encrypted data.
In 2021 alone, Kaseya, a major provider of IT management and security software, Colonial Pipeline, the largest pipeline system for refined oil products in the U.S., and JBS, the world’s largest meat supplier, all made headlines after suffering ransomware attacks. And last year, the average cost of a data breach hit the highest level yet, increasing from $4.24 million in 2021 to $4.35 million in 2022, according to a report by the Ponemon Institute. At $9.4 million, the U.S. has the highest average per-breach cost of all countries.
In such a volatile threat landscape, proactive — rather than reactive — measures such as vulnerability management are crucial to reduce risk, limit the attack surface, and build cyber resilience.
5. Zero Trust model is taking off
Escalating threats and the growing focus on cybersecurity technology, in turn, fuel another trend — the adoption of zero trust. The Ponemon report showed that organizations that implemented a zero trust security approach had a potential breach cost savings of $1.5 million with a mature deployment.
‘Never trust, always verify’
This cybersecurity model assumes that every device, user, and network request is potentially hostile, and that no one should be trusted by default, even if they are already inside the network perimeter. Access to resources is granted on a need-to-know basis, and only after proper verification of identity and security posture. The zero trust approach is becoming increasingly important in today's threat landscape, where traditional perimeter-based security models are no longer sufficient to protect against advanced attacks.
In a zero trust model, vulnerability management is not a one-time task, but a continuous process that must be carried out on an ongoing basis. By maintaining a comprehensive inventory of all devices and software on the network, organizations can quickly identify and remediate vulnerabilities as they arise. This approach can help reduce the attack surface and make it more difficult for attackers to gain access to sensitive data and systems.
What’s next?
How do you plan to protect yourself and your small to medium-sized business (SMB) customers? ConnectSecure works closely with our community of MSPs to equip you with the most optimal vulnerability management solution on the market. We offer the only multi-tenant, all-in-one vulnerability scanning and compliance management tool designed and priced specifically for MSPs and MSSPs to support their SMB clients. Sign up for a free 14-day trial today.
Read more:
Q&A: Attorney Eric Tilds on What Every MSP Should Know About Cyber Insurance
Vulnerability Management Basics: What Every Business Should Know