10 min read
Managed service providers face a double-edged sword in the world of cyber security and cybercrime. In May 2022, a joint cybersecurity advisory from the UK, Australia, Canada, New Zealand and the US warned that MSPs are increasingly being targeted by cyber criminals. And cyber attacks on MSP customers, small-and medium-sized businesses (SMBs), will also continue to rise. It’s shaping up to be another year of increasingly sophisticated cyber incidents. Here are seven trends shaping the IT security landscape that MSPs should be particularly aware of for 2023.
1. Accelerated shifts to hybrid work and cloud weaken the perimeter.
Endpoints are increasingly disconnected from the “office” network and instead are much more mobile. People work from anywhere (WFA) these days – home, grandma’s house, their kids’ soccer game. At the same time, servers are rapidly migrating from in-house data centers to public (or private) cloud. This continues to weaken the traditional notion of “perimeter” and what is inside versus outside the network. Attackers are adapting to exploit new weaknesses and the new network diagram. Are your protection and detection capabilities doing the same? Can you scan for vulnerability independent of location? Is your XDR service up to the task of detecting attacks in the public cloud?
2. Ransomware and attacks on operational tech (OT) will increase.
It’s sad to say, but crime does pay, and the takeaway for criminal gangs is that there are many, many weaknesses that can be exploited profitably in the always-on, rich Western world. Ransomware is expected to increase in volume and proliferate beyond North America to Europe. High-interest targets will include industries that have been slow to get on the security bandwagon or have a broad operational technology and IoT attack surface, or both — like manufacturing. Industries that have more to defend, such as medical/pharmaceutical companies whose revenue grew manyfold during pandemic times, will also be specific targets.
3. Wicked skill shortage of security professionals continues.
This trend has been true for some years now and shows no signs of slowing. As Blue Teams expand their recruiting globally, we will see the shortage of experienced security staff following this trend. From a buyer’s perspective, one way of adding scarce skills to your team is to selectively and carefully add services from external providers. For suppliers of such services, more automation and more training of junior staff are a must.
4. Bad guys do their homework. Do you?
Postmortems for successful attacks repeatedly show patient attackers who take their time to lure victims, place malware, map the network, and learn patterns to stay below the detection threshold of even the most vigorously defended networks. Are you also doing homework to stay up to date on your own network, its map and its changes? Do you include the detection/protection you have in place, its efficacy, coverage and trends? For medium and large networks, it’s a job in itself — one that is apparently thankless and low ROI, but there is no escaping it. Company boards are beginning to have specific dedicated cybersecurity committees that will demand accountability.
5. Cyber risk will dictate business transactions.
Given that risks increasingly come through an organization’s supply chain and extended interconnected vendor and partner network, more and more medium and large businesses will use cyber risk as a determining factor in selecting partners and vendors. In days of yore, it was product quality, price and availability that largely determined vendor selection – now add cyber risk to the equation. Are you prepared to explain and demonstrate your cyber security posture to a customer? To your cyber insurance provider?
6. Data privacy laws will cover more and more endpoints.
GDPR-like data privacy laws in countries outside the EU will cover more and more users and endpoints. Governments are recognizing that such laws may be needed to protect their citizens and commerce. The intent is to increase the baseline minimum standards for ecommerce in much the same way as laws for motor safety evolved in the previous century with the growing risks of automobiles on the highways. While this is well intentioned, implementation and enforcement will be spotty and whimsical. The onus will fall on the network owner. Using external “expert” providers is a lower cost way of addressing this requirement and scaling over time. Most companies do not themselves adapt their legal contracts to satisfy GDPR but outsource that work to legal experts who specialize in this area. Expect the same with cybersecurity compliance.
7. Identity is the new endpoint.
With the dissolving of the enterprise and network “perimeter” (see number one above), you are who you authenticate as. Remote access is the rule, not the exception. Attackers have noticed and work hard to compromise users. When they are successful, you will find yourself dealing with an insider attack, which is much harder to detect. Methods such as enforcing multi-factor authentication (MFA), especially for high value admin accounts, and using User & Entity Behavior Analytics (UEBA) to identify out-of-ordinary or first-time-seen actions are the way out. These require meaningful data collection, machine learning and an active 24×7 SOC. Are these detections part of your XDR service provider’s repertoire?
Next steps for MSPs
As these trends manifest in the coming year, MSPs can help their SMB clients be aware of changes in their risk profile and new vulnerabilities they need to protect. Likewise, MSPs should keep in close contact with their security service provider partners. Don’t hesitate to ask the tough questions to make sure your service provider’s capabilities are evolving to address changes in attacker behavior and the IT landscape. Learn more about Netsurion’s Managed Open XDR solution that enhances your risk posture and simplifies threat detection and incident response.
A.N. Ananth
A.N. Ananth is Chief Strategy Officer at Netsurion, co-creator of Netsurion's Open XDR platform, and has an extensive background in product development and cybersecurity operations.