2020 brought many rapid changes—with large portions of the workforce going fully remote for the first time, spikes in social engineering attacks, and cyberattacks aimed at remote working infrastructure. Many IT service providers and managed security services providers (MSSPs) rose to the challenge, keeping businesses running under extreme circumstances.
But 2021 is just around the corner. While this year has taught us there can be major curveballs, there’s still value in looking at specific trends and gaming out their implications for the year ahead. With this in mind, I have two main predictions with vast-reaching consequences in how we do business and protect our customers.
1. IT providers will need to take a comprehensive approach to layered security
This trend focuses primarily on IT consultants and managed services providers (MSPs). These days, cybercriminals have become increasingly sophisticated and effective and have turned their sights on small- and medium-sized businesses (SMBs) and MSPs. To make matters worse, many sophisticated hacker groups sell their attacks to other groups, giving even less technically savvy criminals the ability to cause severe damage against their targets (including smaller businesses).
As a result, IT providers need to be very deliberate in delivering comprehensive layered security to their customers. Some customers may want to cut costs by picking security services piecemeal. You may even get the urge to compromise to win their business.
Fight this urge.
Businesses need greater protection today than they did even a few years ago. The risks are too significant to let them take half measures on their security—the financial impact of security breaches continues increasing, whether due to heightened ransomware demands or even compliance fines. An attack could end a business permanently. And the risk isn’t just to your customers—your own business’s reputation and financial future could be on the line. A half-protected customer could be a full-fledged risk to you.
When talking to customers, it’s your role as the expert to recommend the level of protection they need. That means making sure they have several layers in the security arsenal—patching, email protection, DNS filtering, cloud-based backup, password management and access controls, and endpoint detection and response. Set a baseline and stick to it—and it may be a higher baseline than your customers are used to. Think twice about compromising, as it could be your reputation on the line as wel.
2. IT will only get more complex
The near-overnight shift toward remote work added a significant amount of complexity to an already chaotic IT and security management landscape. This complexity should only increase over the next year.
For starters, the distributed workforce adds multiple management nightmares such as employees using work laptops on home Wi-Fi networks that may be insecure, a lack of visibility into unmanaged and often insecure personal devices on these networks, or workers letting their guards down at home against potential phishing or social engineering schemes. This complexity will only increase as workers return to the office en masse at some point next year. Some will continue working remotely, and you’ll have to support them; others will come back onto the corporate network, bringing potential security threats from home to work. And you’ll have to maintain infrastructures for both on-site and remote workers as many organizations decide to opt for a hybrid model.
However, the return-to-office trend won’t be the only thing to cause added complexity. Shadow IT trends will likely cause quite a bit of heartburn in the next year (as it already has in many organizations). If you’re unfamiliar, shadow IT refers to the use of services or apps that an organization hasn’t explicitly approved. As workers use more cloud services or apps to get their job done, they often unwittingly expose their organizations to serious risks. For example, unauthorized filesharing applications can lead to data leaks you may be unable to detect. It’s important to remember that each of these services and apps represents a potential vulnerability or access point for cybercriminals. As a result, I highly recommend you do your best to limit the software users can access, preferably using an application allowlisting solution—particularly for higher risk employees.
Preparing for 2021
With 2021 right around the corner, now’s the time to start preparing for the new year. While 2020 included an upheaval near impossible to see coming, we have a good sense of what to prepare for in the coming year. Remember that managing IT and security will only get more complex from here and prepare accordingly by increasing the comprehensiveness of your security protection for your customers. Do this, and 2021 will likely be a banner year for your business.
SolarWinds MSP offers multiple security technologies to help you meet the moment. SolarWinds® Mail Assure provides advanced email security using collective intelligence and machine learning—learn more here. SolarWinds Passportal offers robust password management to help employees simplify creating and using strong passwords even while the complexity and number of cloud services increase. Learn more about Passportal and how it can help today.