As the new year begins, most security sites and corporate blogs summarize the prior year’s greatest threats and predict trends for the upcoming year. In our entry, we’ll discuss the potential impact of growing trends on the ways that MSSPs serve small and medium-sized businesses (SMB) clients.
1. Cyberthreats of all kinds will continue to grow in number, severity, and complexity.
We’ve all seen the data: 2022 delivered record-breaking security threats and 2023 is going to be worse.
Ransomware is available as a managed service, lowering the bar for potential threat actors without sufficient technical skills of their own. As more businesses adopt AI- and ML-informed security, threat actors will seek equally sophisticated strategies to evade detection by poisoning data sets and learning models. And when threat actors can’t exploit vulnerabilities to gain entry, they’ll seek access through old-fashioned credential theft, either
through their own efforts or through identity access brokers (IABs) that sell credentials on the open market.
Smaller organizations are at particular risk: one 2022 survey revealed that fewer than half of the SMB respondents had deployed antivirus software, required strong passwords or even backed up their files off-site.
Key MSSP takeaway: As threats increase, more SMBs will consider outsourcing security to MSSPs so that they can focus on their core business.
2. SMBs have greater risk awareness but lack specialized resources and budgets to manage the risks themselves.
For SMBs, the “security by obscurity” model will no longer work because threat actors recognize that SMBs have weaker protections and fewer resources than large corporations.
These threat actors will tailor their threats accordingly, and non-IT SMBs will present the most attractive targets. In 2023, we’ll see more SMBs prioritize cybersecurity, with greater awareness at the board level translating to a variety of concrete steps throughout the organization.
Because human factors always remain a weak link, SMBs can expect increased phishing, social engineering and other tactics focused on obtaining credentials from unwary employees. To reduce these kinds of breaches, Cybersecurity Ventures predicts that global spending on employee security awareness training will reach $10 billion by 2027.
Key MSSP takeaway: MSSPs are uniquely positioned to help SMBs transition from general risk awareness to proactive and preventive actions, and can increase value and revenue by providing additional wraparound services like employee training.
3. SMBs will transition to Zero Trust… slowly.
SMBs face the same kinds of challenges as large organizations (e.g., hybrid and distributed work environments, mobile device management, IoT growth, and supply chain security, to name a few). As Zero Trust (ZT) becomes the predominant security model, SMBs will seek to secure their organizations with ZT services in addition to off-the-shelf services like standard backups and anti-malware.
Key MSSP Takeaway: ZT initiatives are as important to SMBs as they are to larger companies. For MSSPs, the challenge is designing and delivering a phased adoption plan that addresses their greatest vulnerabilities at a reasonable price point.
4. SMBs will grapple with regulatory and cyber insurance requirements.
Like larger organizations, SMBs will be affected by a growing number of third-party cybersecurity regulations regarding data privacy, incident reporting, security measures in place, and more.
In the U.S., SMBs that support the federal government or sell to other businesses that support the government must adhere to many new federal requirements. At the same time, cyber insurance underwriters are becoming more wary about issuing policies, and require detailed information about a business’s cybersecurity precautions as a prerequisite for issuing and for renewing policies.
Key MSSP Takeaway: MSSPs are uniquely positioned to support SMBs with services and solutions that not only protect their infrastructure but also document regulatory compliance (including incident reporting plans) and meet changing underwriter requirements for issuing cyber insurance.
5. Vendor software will help MSSPs scale to manage more SMB clients without increasing
SMB environments typically have fewer users and systems than larger businesses, but their cybersecurity needs are the same, including holistic prevention-first models, rapid threat detection and response, support for hybrid environments, and more. MSSPs must develop service offerings that meet SMB needs at an affordable price point.
Key MSSP takeaway: To grow profits, MSSPs should seek software vendors that make it easy to manage a growing customer list without a correlated increase in resources. Vendors should provide a “single pane of glass” solution that allows MSSPs to monitor multiple customers simultaneously, identify anomalies and trends across customer infrastructures, and patch vulnerable systems quickly.
Overall, MSSPs are well-positioned to help SMBs make proactive cybersecurity decisions to protect their valuable assets and meet internal and external requirements. By partnering with the right vendor, your MSSP can deliver flexible, effective, and manageable cybersecurity solutions that can scale to support increasing needs as your clients’ businesses grow.