alphaspirit - Fotolia
In 2019, cybersecurity was a widespread concern among MSPs and their customers. Next year, the security landscape is poised to become even more alarming and complex, and MSPs will doubtlessly be pressured to invest more deeply in their cybersecurity services practices.
Corey Nachreiner, CTO at security vendor WatchGuard Technologies Inc., shared several of the company's predictions for 2020 and the implications for MSPs.
Data privacy laws gain momentum in the U.S.
The apparent success of Europe's General Data Protection Regulation (GDPR) is setting an example for consumer privacy-conscious U.S. states. The California Consumer Privacy Act (CCPA), which bears similarities to GDPR, will go into effect on the first of the year, affecting a range of businesses that have California-based customers. WatchGuard predicts that many other U.S. states will follow suit and pass similar legislation.
"I feel like the desire for consumer privacy is at an all-time high and getting higher in the United States in general," Nachreiner said.
Although Nachreiner predicted there won't be federal-level laws or bills passed any time soon, "we will have approximately 10 states pass CCPA-like acts that are similar to GDPR."
The takeaway for MSPs is that, while new legislation like CCPA could create business challenges, it could also open a new opportunity. "It certainly was [the case] with GDPR. All kinds of European service providers and security professionals [increased their businesses] because they had to help many companies figure out the security requirements and the data handling requirements of GDPR," Nachreiner said. "There could be opportunities for services [MSPs] could provide to help your customers trying to comply with these sorts of [laws]."
Ransomware will target the cloud
WatchGuard believes MSPs should expect ransomware to increasingly target the cloud in 2020. Nachreiner said he suspects hackers will pursue cloud-based assets because it is a business resource that requires critical uptime, as well as an "aggregation point" for hackers to reach "lots of potential victims in one place."
"We just think the cloud is the natural progression of where ransomware might go next," Nachreiner said.
Some MSPs deliver their services from their own hybrid cloud environments, so these MSPs may be targeted by hackers, he noted. As has been seen in MSP-specific attacks throughout 2019, cybercriminals have developed an understanding of how MSPs can be targeted and exploited.
Multifactor authentication becomes normal in the midmarket
Multifactor authentication (MFA) has matured to the point where customer organizations are finding it more usable and cost-effective. "It just has become … so easy and consumable, even for the smallest business in the midmarket segment," Nachreiner said.
Corey NachreinerCTO, WatchGuard
"We think  is the year that [MFA] is going to become standard," where enterprise-wide deployments will have every employee using it, he added. WatchGuard provides MFA products such as AuthPoint.
MSPs need MFA for their internal operations, as well, Nachreiner said. Many of the targeted attacks MSPs have suffered "were based on lack of MFA or stolen credentials."
WatchGuard also sees an opportunity in MFA for MSPs and managed security service providers. "Strong authentication or MFA isn't something that [MSPs] have turned into a service yet. They are mostly doing managed firewalls, network security and … managed detection and response, but they haven't started 'MFA as a service,'" Nachreiner said.
Meanwhile, some professional services automation and remote monitoring and management software vendors, such as Datto, are working toward mandating MFA across their platform.
The cybersecurity skills gap will widen
WatchGuard predicts that the lack of cybersecurity skills available on the job market will remain a challenge in 2020. In fact, the company predicts the gap will widen 15%.
The skills shortage, of course, will continue to affect MSPs, "especially the ones that are literally adding the extra 'S' or trying to get more into security services," Nachreiner said. Many MSPs are seeking the margin and opportunities available in the cybersecurity services arena, but the talent isn't easy to find or retain.
"When everybody, even the most premium threat research companies, is struggling to fill positions … it is going to be harder for [small-sized MSPs] to get some [cybersecurity talent], as well," Nachreiner said.
There is a flipside to the cybersecurity skills shortage, however. Organizations of all sizes now realize cybersecurity is an issue they must address, even small businesses, "but they still don't have the money or resources to handle it themselves," he said. For MSPs that can provide a service that gives customers "security in a box or a basic level of compliance in a box," the opportunities could be lucrative.
"It is definitely a big opportunity for the MSPs that can find the right talent -- or can help develop it," Nachreiner said.
To help bridge the skills gap, he suggested that MSPs work with their local community colleges and universities, getting involved in any cybersecurity programs available there. Doing so can help MSPs gain access to a pool of graduates that they can potentially hire from.