From artificial intelligence (AI) threats—and opportunities—to new regulations and legislation, cybersecurity will be a big topic in 2024. CompTIA asked industry leaders from its various regional community executive boards and Industry Advisory Councils what MSPs and other tech companies should know this year. Here’s what they had to say.
Insurance Providers Will Require Security Stacks in Place
“Cyber insurance companies will deepen their influence on the security stack requirements for their customers, and therewith what MSPs need to deliver. Also, MSPs will strengthen their focus on managed cybersecurity services, focusing more on cyber hygiene as the starting point, including multi-factor authentication (MFA), security awareness training, email security and vulnerability management.” — Frank Raimondi, vice president channel alliances and partnerships, IGI Cybersecurity
Blurred Reality Will Obfuscate Cyber Situations
“The obvious cybersecurity threat will be the use of AI and bad actors. This gives bad actors exponential capabilities, which leads to what I call an increased time to attack (TTA). That means they will be able to detect and exploit vulnerabilities even faster than before. The use of AI will also include the ability to blur reality to cause issues with determining what is real and what is fake. The use of AI will make the creation and distribution of things such as fake news articles, videos and fake products easier than ever.” — Bill Campbell, CEO, Balancelogic
Increased Legislation, Regulation Is Coming
“Cybersecurity governance and compliance will be more apparent to business owners of all sizes (well, I hope). Business owners and executives will become more ‘aware’ of the need for policies, procedures and processes that they must implement in order to effectively protect their organization’s data. As cybersecurity attacks grow and are made more public, I feel we are just going to see more and more legislation and regulation be implemented. If we don’t learn on our own through experience, the pressure will continue to mount.” — Bill Campbell, CEO, Balancelogic
Compliance Frameworks Will Become Very Important—Quickly—for MSPs
“Legislation is fast approaching the MSP industry and the defense industrial base (DIB) is going to be the first wave of customers who will identify their service provider by eligibility within a compliance framework (CMMC) certification database. NIST 800-171 applicability is eye opening to most service providers who have not tried to categorize their asset inventory and scope according to a standard before. Those who are waiting to see what happens, instead of fervently applying the security controls to their people, processes and technology, will lose their DIB client base to those who started implementation in 2023. 2024 is the year that MSPs will largely embrace one or more frameworks as a means of survival, not just because it’s the right thing to do. Those MSPs who do not align to a security framework will eventually attract the smallest and most difficult clients.” — Joy Beland, vice president of partner strategy and cybersecurity education, Summit7
Bad Guys Will Capitalize on AI for Their Own Gain
“Generative AI will be exploited for gain by a phalanx of merry fraudsters and bad actors to refine the art of the steal. It will reinvigorate phishing attacks and create vastly more effective blended attacks that mine data from Microsoft 365 penetrations, social media and tracking technologies across fixed, mobile and cloud data sources.” — Josh Liberman, president and founder, Net Sciences
Governance Pressures Will Be Both Opportunity and Obligation for MSPs
“It’s telling that the NIST CSF 2.0 draft leads with the addition of governance. Increasing legal, regulatory and contractual requirements around cybersecurity are holding business more accountable and those pressures are going to grow. Governance is something MSPs have shied away from, but it’s going to be hard to continue kicking that can down the road. UK MSPs are facing new reporting laws, and in the United States, cyber governance is beginning to be linked to executive and board fiduciary responsibilities. Governance in 2024 will increasingly be viewed as both an obligation and an opportunity for MSPs to help their clients.” — Tim Golden, founder and CEO, Compliancerisk.io
FTC Safeguards Rule Is a Sign of More to Come
“The Federal Trade Commission (FTC) safeguards rule, codified in June 2023, is a bellwether for growing federal scrutiny of cybersecurity governance. It is likely going to drive MSPs to take an active role in developing comprehensive, well-documented, cybersecurity programs to help clients adhere to FTC guidelines.” — Tim Golden, founder and CEO, Compliancerisk.io
Defensibility Will Drive Documentation
“Increasingly, the need for solid, detailed documentation around cybersecurity policies and procedures is being driven by defensibility in the wake of a cybersecurity incident. In 2024, we expect to see businesses investing in documentation, and in direct correlation, MSPs will respond by building governance into their offerings.” — Tim Golden, founder and CEO, Compliancerisk.io
MSPs Still Squarely in Criminals’ Cyber Crosshairs
“Private equity firms see MSPs as the next best things, second to companies with intellectual property. This is due to the trusted connection with the actual end user and the fact that a lot of MSPs are still poorly secured. There is no regulation in place yet, so there is a window of opportunity. Therefore, they are/will be on the hitlist in 2024.” — Pierre Kleine Schaars, co-owner, Quality ICT
MSP Inactivity Poses Threat to Small Businesses
“A lot of small SMBs trust their ICT company because they have been doing business for so long. Problem is, the industry has changed, and many ICT companies did not. They did not innovate. Because of the trust, the end user will be vulnerable and, because everything is linked together, they will be the weakest link in the supply chain and targeted by criminal organizations.” — Pierre Kleine Schaars, co-owner, Quality ICT