2024 cybersecurity predictions for MSPs: Navigating the evolving landscape
As we step into a new year, the world of cybersecurity continues to evolve at an unprecedented pace. Many managed service providers (MSPs) find themselves at the frontline of defense, making it more critical than ever to keep up with emerging threats.
Staying up to date on cybersecurity predictions can help MSPs make informed decisions to strengthen their cybersecurity posture and better protect their clients. The ConnectWise Cyber Research Unit™ (CRU) has been diligently analyzing the cybersecurity landscape and has compiled a list of predictions that may shape the path for MSPs in 2024.
While some threats such as phishing and ransomware will persist, new trends in attack vectors, compliance regulations, and cybersecurity tools are emerging. Before we dive in, let’s take a moment to reflect on the accuracy of last year’s predictions.
A look back at predictions for 2023
1. MSPs as critical attack vectors
Last year, we predicted that MSPs would be a key supply chain and critical infrastructure attack vector. This prediction was substantiated by various incidents, including Proofpoint’s report confirming the targeting of small and midsized businesses (SMBs) through advanced persistent threats (APTs) and phishing campaigns. Additionally, the PLAY Ransomware group’s worldwide campaign targeting MSPs further underscored the severity of the issue.
2. Zero-trust network architecture
The pursuit of zero-trust network architecture remains a crucial strategy. MSPs not embracing this approach are increasingly vulnerable to sophisticated threats. The importance of this prediction is not diminishing; it’s growing.
3. Emphasis on threat intelligence research and collaboration
In our MSP Threat Report Q1 Update, we highlighted the growing reliance on defense evasion techniques by threat actors, emphasizing the need for robust threat intelligence. Collaborative efforts and threat intelligence research remain pivotal in countering emerging threats.
4. Tool consolidation and talent gap
The trend towards consolidating tools and partnering with third parties to bridge the IT talent gap gained momentum in 2023. Alert fatigue, over-reliance on disparate cybersecurity tools, and unsustainable service models have led MSPs to seek more efficient and consolidated solutions.
5. Reliance on community and training
The CRU’s prediction of increased reliance on community and training across all IT and cybersecurity disciplines was proven true in 2023. MSPs increasingly recognized the importance of nurturing talent and fostering a sense of community to elevate their teams’ skills.
Cybersecurity predictions for 2024: What lies ahead?
1. AI: A double-edged sword
Artificial intelligence (AI) will continue to play a pivotal role in cybersecurity, presenting both new challenges and solutions. While adversaries can use new advancements in AI to forge more sophisticated attacks, the technology can also improve cyber defenses.
The Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence, issued by President Biden in October 2023, has wide-ranging implications and marks a significant milestone in the governance of AI. It seeks to guide the responsible advancement and deployment of AI in a manner that benefits society while minimizing risks and potential harm.
We have highlighted three specific areas of concern:
- Deepfakes and synthetic voices are being leveraged to launch more convincing phishing campaigns. One prediction is that audio deepfakes will be used for vishing, or voice phishing, attacks to impersonate executives and scam employees. And with the upcoming presidential election, deepfakes are expected to make it challenging to discern real information from manipulated media. Political deepfakes could spread misinformation and undermine public trust.
- While AI-assisted integrated development environments (IDEs) promise to boost programmer productivity, some experts warn they may lead developers to write less secure code. The autogenerated suggestions from IDEs could introduce vulnerabilities that programmers fail to detect because they overestimate the security of AI-written code.
- AI-caused data leaks occur when AI systems, whether due to bugs, vulnerabilities, or unintended consequences, inadvertently expose sensitive or private customer data. As organizations expand their use of AI, they’ll need to audit these technologies rigorously to avoid unintended breaches.
2. Shifting threat tactics: IoT and LoLBins
Threat actors are predicted to move away from traditional malware attacks and focus more on compromising insecure Internet of Things (IoT) devices and using living-off-the-land binaries (LoLBins). There are a few key reasons for this shift:
- The rapid growth of IoT devices offers new attack surfaces. Many IoT devices lack basic cybersecurity protections, making them vulnerable to compromise. Once accessed, IoT botnets can be created to carry out DDoS attacks, cryptojacking, and more.
- Signature-based anti-malware is getting better at detecting compiled malware files before they execute, so threat actors looking to maintain persistence with such files are finding it more challenging.
- LoLBins are legitimate system programs and tools that can be exploited for malicious purposes if hijacked by a threat actor. LoLBins allow threats to hide in plain sight while carrying out malicious activities. Some common examples are PowerShell, WMI, and Windows Task Scheduler.
- Living-off-the-land techniques help threat actors blend in and avoid detection. Since the programs are meant to be on the system, they don’t raise red flags. LoLBins execute from memory, making them fileless and more challenging to detect.
By compromising vulnerable IoT devices and misusing trusted system binaries, threat actors can bypass traditional cybersecurity controls focused on blocking malware. MSPs will need to take proactive steps in 2024 to safeguard client IoT devices, monitor for suspicious LoLBin activity, and implement controls like application whitelisting to limit living-off-the-land threats. We’ve dedicated two blog posts to LoLBins (part 1 and part 2), highlighting their significance.
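As an added illustration of what monitoring for suspicious LoLBin activity can look like (example code written for this page, not ConnectWise tooling), the sketch below triages process-creation records for the three binaries named above by their context rather than by name. The event records, rule names and patterns are constructed assumptions, not a complete rule set.

```python
import re

# Constructed process-creation records (fields as in Sysmon Event ID 1 or
# Windows Security 4688 with command-line auditing); not real telemetry.
EVENTS = [
    {"host": "ws-01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
    {"host": "ws-02", "parent": "winword.exe", "image": "powershell.exe",
     "cmd": "powershell.exe -NoP -W Hidden -EncodedCommand <constructed-blob>"},
    {"host": "ws-03", "parent": "cmd.exe", "image": "schtasks.exe",
     "cmd": "schtasks /create /tn Updater /tr C:\\Users\\Public\\u.exe /sc onlogon"},
    {"host": "srv-01", "parent": "services.exe", "image": "wmic.exe",
     "cmd": "wmic os get caption"},
    {"host": "ws-04", "parent": "excel.exe", "image": "wmic.exe",
     "cmd": "wmic process call create notepad.exe"},
]

LOLBINS = {"powershell.exe", "wmic.exe", "schtasks.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ENCODED_OR_HIDDEN = re.compile(
    r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b|\s-w(?:indowstyle)?\s+hidden", re.I)
USER_WRITABLE = re.compile(r"\\(?:users\\public|appdata|temp)\\", re.I)

# Each rule keys on context (parent, arguments), never on the binary name alone,
# because the binaries themselves are expected to be present and in daily use.
RULES = [
    ("office-parent", lambda e: e["parent"].lower() in OFFICE_PARENTS),
    ("powershell-encoded-or-hidden", lambda e: e["image"].lower() == "powershell.exe"
        and ENCODED_OR_HIDDEN.search(e["cmd"])),
    ("schtasks-create-user-writable", lambda e: e["image"].lower() == "schtasks.exe"
        and "/create" in e["cmd"].lower() and USER_WRITABLE.search(e["cmd"])),
    ("wmic-process-create", lambda e: e["image"].lower() == "wmic.exe"
        and re.search(r"process\s+call\s+create", e["cmd"], re.I)),
]

def triage(events):
    """Return (host, image, matched rule names) for LoLBin launches worth review."""
    findings = []
    for e in events:
        if e["image"].lower() not in LOLBINS:
            continue
        hits = [name for name, rule in RULES if rule(e)]
        if hits:
            findings.append((e["host"], e["image"], hits))
    return findings

if __name__ == "__main__":
    for host, image, hits in triage(EVENTS):
        print(f"{host}: {image} -> {', '.join(hits)}")
```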
3. Continued tool consolidation and talent gap mitigation
MSPs will continue consolidating cybersecurity tools and leveraging third parties in 2024, a trend we also predicted last year. With the proliferation of new cybersecurity vendors and solutions in recent years, many MSPs have ended up using a complex patchwork of disparate tools. This has led to alert fatigue as cybersecurity teams try to monitor and respond to alerts across too many consoles.
Leveraging a third-party security operations center (SOC) will help MSPs consolidate tools and outsource specialized cybersecurity staff. The SOC can provide monitoring, alerting, and incident response capabilities across the MSP’s environment. This enables the MSP to focus on delivering value-added services on top of the SOC capabilities.
Overall, MSPs will increasingly look to simplify and optimize their cybersecurity stacks while addressing continued talent shortages. This will accelerate the consolidation of cybersecurity tools and increase reliance on third-party services.
4. M&A trends
The consolidation of the cybersecurity vendor space through mergers and acquisitions (M&A) is expected to continue in 2024. As valuations have come down from historic highs, larger vendors will look to acquire technologies and talent through M&A. Smaller cybersecurity vendors that emerged in recent years with point solutions will face market pressure, with some likely to be acquired by larger players.
M&A activity is also expected to continue among MSPs themselves. While M&A creates risks around integration challenges, it also presents opportunities for improvement. By consolidating and gaining scale, MSPs can strengthen their capabilities in cybersecurity expertise, threat detection and response, and more.
However, churn in the MSP market from rapid consolidation could also create vulnerabilities if integrations are not handled carefully. With an active appetite for M&A among both vendors and MSPs, the market is likely to see high deal volume again in 2024.
5. Preparing for CMMC 2.0
MSPs supporting defense contractors will need to begin preparing for Cybersecurity Maturity Model Certification (CMMC) 2.0 in 2024. CMMC 2.0 introduces new cybersecurity maturity requirements that will be included in all defense contracts starting mid-to-late 2024. CMMC 2.0 is currently in the rulemaking process, which gives MSPs time to understand the new requirements and prepare their clients for certification.
The CMMC 2.0 framework contains five maturity levels that range from basic cyber hygiene to advanced cybersecurity practices. The level required will depend on the type of defense contract and controlled unclassified information involved.
To achieve CMMC 2.0 certification, MSPs and their contractor clients will need to work together to fully implement the required security controls and processes. It’s important for MSPs to familiarize themselves with the draft CMMC 2.0 framework to identify gaps that will need to be addressed.
Conclusion
In conclusion, as we venture into 2024, MSPs face a cybersecurity landscape that is more complex and challenging than ever. To navigate this dynamic environment, MSPs must embrace a proactive approach. This includes staying informed about the latest developments in AI and cybersecurity, rigorously auditing emerging technologies, and continuously adapting cybersecurity strategies to address evolving threats. Consolidating tools and resources and leveraging third-party expertise will be key in managing complexities and augmenting capabilities.
As MSPs, your role extends beyond mere service providers—you are the guardians of cybersecurity in an increasingly digital world. The challenges are formidable, but with careful planning, continuous learning, and strategic collaborations, you can turn these challenges into opportunities to strengthen your services and enhance the cybersecurity posture of your clients.