It’s clear talent acquisition remains a significant challenge for organizations of all shapes and sizes in 2020. A recent study from independent security association (ISC)2 now estimates the shortage of cybersecurity professionals is around four million, and suggests it would take a 145% workforce increase to close the gap.
As they struggle with filling their security teams, many organizations will turn to managed services providers (MSPs) and managed security service providers (MSSPs) to help assess risk and strengthen their security profile. One of the biggest tasks these service providers will take on is to help their clients maintain good cyber hygiene—a pain point for many companies. Poor hygiene accounted for many breaches over the past year, so it remains an essential part of a robust security strategy.
In addition to a focus on hygiene, I see the following five trends rising to the top of the security space in 2020:
1Privacy Gets Real
Europe’s adoption of the General Data Privacy Regulation (GDPR) has stirred a movement toward more stringent privacy regulations. On January 1, the California Consumer Privacy Act (CCPA) went into effect, and on March 21 New York’s SHIELD Act will become law. Vermont also has enacted a privacy law and Nevada toughened its existing law. More regulations are sure to follow in other states, so organizations need to be prepared. It’s important to understand what these laws require for compliance and to avoid penalties should a breach occur. Privacy is a big priority going forward, and organizations must be mindful of this as they collect and process customer data.
2Liability Gets Personal
Company executives have been feeling the heat following security breaches, and in some cases, non-IT executives have lost their jobs. The heat is about to intensify with a movement to hold corporate directors and executives liable for breaches. This would presumably work in the same way financial officers are held responsible under Sarbanes Oxley for non-compliance with finance regulations. Partly as a result of GDPR, U.K. company directors are facing increased scrutiny in relation to cybersecurity. If this movement gains traction, it will have implications for MSPs and MSSPs, who may come under fire should a breach happen on their watch.
3The Protectors Are Targeted
In 2019, we saw a surge of attacks against IT service providers as cybercriminals try to get more bang for their buck. By trying to breach a service provider, as opposed to an individual organization, hackers know they potentially can gain access to hundreds or even thousands of customers. This practice is bound to increase in 2020, putting the onus on MSPs and MSSPs to partner with the right vendors and put all the necessary controls in place to protect themselves and their customers.
4Ransomware Goes Big
Ransomware attackers have been shifting their focus from individual users to organizations. We’ve seen more and more attacks against hospitals, municipalities and other organizations, and this trend surely will continue to in 2020. Attackers look for an entry point into the network, scan the environment to see what will make the biggest impact, and act accordingly. Attacks will get bigger as cybercriminals try to extort as much money as possible from their victims.
5Risk Management Gets Priority
Cybersecurity is becoming more and more about risk management than trying to prevent all security incidents. Using technology tools, access policies and zero trust models, organizations will put the highest levels of protection around their most valuable data. This shows you can’t possibly stop all attacks, but still have a responsibility to protect what’s most important—such as private information, intellectual property, and state secrets.
In the world of cybersecurity, life is never boring, and this remains true in 2020. MSPs and MSSPs alike need to pay close attention to emerging trends to make sure they can protect their customers—and their own businesses—against a relentless, continuously evolving landscape.