2023 cybersecurity predictions for MSPs
The past few years have driven tremendous change in how we live our lives and how we run our businesses. As we begin to close out the year, we wanted to share with you some of the top predictions from the ConnectWise Cyber Research Unit (CRU) that may be helpful to MSPs as we enter 2023.
1. MSPs will be a key supply chain and critical infrastructure attack vector
Escalating geopolitical tensions, including disabling attacks orchestrated against supply chains and critical government infrastructure, are bringing cyberattacks within the supply chain ecosystem to the forefront for governments around the world.
According to a communication from the White House in September 2022:
“…Foreign governments and criminal syndicates are regularly seeking ways to compromise our digital infrastructure. In 2020, a number of Federal agencies and large corporations were compromised by malicious code that was added into SolarWinds software. This small change created a backdoor into the digital infrastructure of Federal agencies and private sector companies. This incident was one of a string of cyber intrusions and significant software vulnerabilities over the last two years that have threatened the delivery of government services to the public, as well as the integrity of vast amounts of personal information and business data that is managed by the private sector.”
The United States is not unique in its concerns related to increased malicious cyber activity targeting supply chains. The UK’s National Cyber Security Centre (NCSC) published updated guidance in October 2022 for securing supply chains based on results of the DCMS Cyber Security Breaches Survey 2022, which indicated that only "just over one in ten businesses review the risks posed by their immediate suppliers (13%), and the proportion for the wider supply chain is half that figure (7%).”
The Federal Government of Australia, similarly according to a reporting from ZDNet in July 2022, “looked into vulnerable supply chains, focusing on imports,” but was, according to commentary from IBM, “light on the ‘cyber.’” Thankfully, this motivated additional guidance from the Australian Cyber Security Centre (ACSC) related to identifying supply chain risks and also ways in which organizations throughout Australia can better manage those risks.
Finding a partner that offers threat detection monitoring, incident detection and response services, and security risk assessment tools will help you remove the complexity associated with building an MSP-powered cybersecurity stack and lower the costs of 24/7 monitoring support staff.
Whether starting from scratch or expanding services to an existing cybersecurity practice, ConnectWise solutions are purpose-built to launch quickly and deliver outstanding client security outcomes. To learn more about what 2023 may hold for you as an MSP, check out the ConnectWise webinar “Planning for 2023: Cybersecurity Predictions” with Drew Sanford, VP Global SecOps, and Patrick Beggs, CISO. Or click here to start a conversation with an expert about ConnectWise software and support solutions to protect your clients’ critical business assets.
2. MSPs who aren’t pursuing zero-trust network architecture most vulnerable
With the increase in supply chain and critical infrastructure attacks, it is no wonder that governments globally are pushing for a zero-trust network architecture (ZTNA) to be implemented by as many organizations as possible they work with or rely on to advance their mission.
Ruggero Contu, a senior director analyst with Gartner, noted in a recent article that organizations must remain “focus[ed] on an expanding attack surface created by digital transformation initiatives such as cloud adoption, IT/OT-IoT convergence, remote working and third-party infrastructure integration. Demand for technologies and services such as cloud security, application security, ZTNA, and threat intelligence has been rising to tackle new vulnerabilities and risks arising from this exposure.”
A question you are going to start hearing from at least some of your customers is: “Can you help our business implement and enforce zero-trust security?” Or maybe some customers are simply looking to you, as their managed service provider (MSP), to help them understand what zero-trust is and why they should even care about it.
Either way, the bigger question is whether you can give them the answers they need about this rapidly evolving area of security—especially if you are getting up to speed with it yourself. To help you ramp up fast on zero-trust, this blog provides an overview of some need-to-know basics about this approach to cybersecurity, including what it is and how to enforce a zero-trust policy.
3. MSPs will rely more on threat intelligence research and inter-organizational collaboration
As we pointed out in the 2022 MSP Threat Report, 2021 was a disruptive year for ransomware operators. Several high-profile ransomware incidents brought ransomware operators into the spotlight, and we began seeing threat actors change tactics towards the end of 2021 to try to stay out of the public eye. The Russia-Ukraine conflict has also had a significant impact on the threat landscape in 2022.
The year began hopeful with several organizations reporting fewer ransomware incidents in the first half of 2022 compared to 2021 (here, here, here, and here). However, according to the Washington Post, many believe the lower numbers from the first half of 2022 are deceptive. Instead of fewer ransomware incidents occurring we simply saw fewer reported due to the shift in tactics from many ransomware operators from big companies to smaller organizations that are 1) less likely to report incidents, and 2) don’t get the same level of media coverage as larger organizations. (Keep an eye out for the 2023 MSP Threat Report to see our numbers.)
In 2022, we’ve also seen threat actors, most notably LAPSUS, switching tactics and focusing purely on data extraction and extortion without encrypting anything. We’ve also seen some threat actors, most notably related to the Russian-Ukraine conflict, using data wipers intended to destroy data for the sole purpose of causing harm.
All of this leads us to the conclusion that MSPs, their clients, and their data are at risk. To properly mitigate this risk, paying attention to good threat intelligence becomes useful. By understanding the current, real-world threats our partners and the industry are facing, we can help you prioritize your time and focus on the security tools and controls that will have the biggest impact. The CRU strongly believes that sharing threat intel makes us all stronger, so we share the intel we gather when possible. Specifically, the CRU is involved in Microsoft Advanced Protection Program and MITRE Sightings where we share sightings, TTPs, and IOCs on a regular basis.
4. MSPs will look to consolidate tools and leverage third parties to solve IT talent gap
In the context of this rapidly changing landscape, tech firms and MSPs alike are dealing with an unprecedented number of vacancies in their teams. What’s more concerning is that the current IT talent gap and tech labor shortage are making it nearly impossible for these critical roles to be filled. About 73% of IT industry leaders predict they’ll struggle to recruit data scientists or fill other open tech positions. While most companies are focusing on what new cloud-based technologies they need to turn to in the wake of the COVID-19 pandemic and the Great Resignation, they overlook much more alarming truths within the industry.
One path forward for MSPs is to consider partnering with a third party that can provide both NOC and SOC services that can take on most of the technical work that needs to be done in a growing practice. Instead of an unwieldy in-house operation, leveraging NOC and SOC services as an extension of the MSP’s existing workforce also means your primary technical staff can focus on high value, high ROI projects.
If MSPs don’t pay for unutilized or unproductive labor, they can scale up or down as needed to meet service level agreements. Multiple SLAs, incident response plans, and managed service levels can allow MSPs to decide exactly how they’d like to leverage the NOC and the SOC on a per-site basis. In addition, the total cost of ownership over time is far less than hiring to scale.
Furthermore, using a third-party NOC and SOC is not just about managing your employees’ time and capacity. Overall, MSPs do not see direct profit from the tasks that would be characterized as routine, recurring, or mundane. These lower-level tasks are part of most basic service packages and are not significant drivers of revenue or profit, regardless of how frequently they’re taking place. No matter how many or how few tasks are performed for a client, the managed service provider does not see any profitable returns for performing tasks that simply “need to be done.”
5. MSPs will see more reliance on community and training across all IT and security disciplines
As the owner or staff member of an MSP with clients likely asking more and more about security, it is difficult not to get up in the day-to-day operations and keep your sights set on the bigger picture—growing the business. Even if you have a strong client base, but you may need a little help initiating launch of a cyber practice to get your MSP to the next level. Starting with third-party support as you and your staff progressively uplevel your headcount’s security posture with programmatic trainings and community support can give you the structure to succeed.
Diversified skillsets are becoming more commonplace over time rather than less, and cyber specializations continue to be more and more in demand. Forbes noted in late November that “cybersecurity specialists can anticipate strong employment growth over the coming decade. For example, the U.S. Bureau of Labor Statistics reports a 35% projected employment growth rate for information security analysts from 2021 to 2031. This title encompasses roles like cybersecurity analyst and information security specialist.”
Becoming a cybersecurity specialist is a progressive process, and being able to leverage a combination of third-party SOC support as you and your staff ramp your security expertise will allow you the flexibility to meet your client’s cyber needs while also ensuring you can maintain growth over the long-term without burdening your bottom line.