3 Cybersecurity Trends to Look For in 2020
As 2019 draws to a close, let’s reflect for a moment on what a remarkable year it has been. Not only in cybersecurity, but even further to the global economy at large. The world saw unprecedented, frenzied market activity in the growing cybersecurity sector. Billions of dollars of cash infusion from private equity giants like Thoma Bravo, Insight Partners, and BC Partners continued to pour in and fuel growth opportunities for security organizations worldwide. The technology sector saw mergers and acquisitions on a grand scale, from MSPs and their MSSPs counterparts to PSA and RMM platforms like ConnectWise and Continuum — an example of the latest super-acquisition under parent company Thoma Bravo. Partnerships were formed as traditional enterprise-class companies like networking giant Cisco partnered with Perch Security to come down-market to provide traditional MSPs consumable, market ready security solutions to better serve MSPs and their SMB and mid-market customers.
Malware and more specifically ransomware continued to dominate the headlines in 2019 as a shift occurred from Wall Street to Main Street, from large enterprise to cities and municipalities and to the MSPs who promised to protect unwitting SMBs from harm. According to Verizon’s 2019 Data Breach Investigation Report, 43% of breaches involved small business victims. I’d expect that number to continue to rise in 2020.
As we begin to accelerate into a new decade, 2020, let’s take a look at 3 security trends that are certain to dominate the headlines.
1. More ransomware and malware.
There’s too much money to be made to just walk away. The average ransomware payment ballooned to 184% QoQ for the first half of 2019. That old mental image of a hacker sitting in his mom’s basement with Cheetos dust on his t-shirt has long been replaced with images of Nation State actors running malware farms and factories with forced labor running 24×7 to launch financial and data theft attacks on the rest of the world. Times have indeed changed. Ransomware along with high-profile data breaches are the new normal and the United States leads the globe with the highest country average cost of 8.19 million per breach.
Phishing attacks will continue to lead to ransomware in 2020 with cyber-crooks continuing to prey on human trust as a weakness. There will continue to be demand for end-user training and awareness to mitigate some of the social engineering tactics and business email compromise (BEC) attacks we’ve seen over the past year. Cloud email security vendors will find continued traction as a companion to standard Office 365 offerings and MSPs can capitalize on additional billable services.
There won’t be any respite in 2020 from sophisticated layered ransomware variants that deliver multiple staged payloads with strains including Emotet, Ryuk, Sodinokibi and perhaps new strains to be determined.
2. Market consolidation.
Expect more of the same kind of consolidation we’ve seen over the past year to continue through 2020. Complimentary organizations, often times at different stages of their lifecycle such as start-up technology companies being acquired by larger, more mature security vendors will continue to combine through venture capital and speculating. Traditional BUDR companies have started to look at expanding their services into endpoint while endpoint vendors are beginning to consider going after BUDR market share. I expect the industry to continue to move toward a platform approach in an effort to provide MSPs maximum efficiency and reduce the number of disparate vendors they partner and procure from.
3. Security technology coming down-market.
That is to say continued enterprise-class technologies coming down from Fortune 500-sized companies with robust security resources as well as MSSPs to traditional MSPs to package and consume advanced security services down to the SMB market. SOC-as-a-service, SIEM tools and Managed Detection and Response will become natural upsell opportunities in addition to bedrock security offerings like endpoint, email and network. As MSP continue to embrace the NIST Cybersecurity framework the task of showing prospects and existing customers the value and need for advanced security tools becomes less challenging. However, many MSPs still remain with a fair bit of technical debt in their own security stack. Mastering the basics of security to protect their own business should supersede the desire to succumb to the flashy technology up the stack. MSPs need to consider and solve for the revenue equation first. What security services can I sell to my customers today? The constant answer in that equation is always network, endpoint and email security first. The variable in the equation is the MDR and SIEM technology tool sets that are often left off the sales order for smaller companies under 150 employees.
No matter what 2020 brings the security technology sector is sure to be a focal point of the global economy and the fight against cybercrime.