For MSPs and those who operate in the channel, 2023 will be another year of risk, uncertainty and opportunity. Here are three key challenges to prepare for.

Recession on the Horizon

Choppy seas on the way out of the pandemic, higher inflation and supply-chain snarls have increased the risk of recession in the coming months. Like everyone else, MSPs, MSSPs and channel resellers should be working to prepare for the possibility. Some advice that has surfaced in recent weeks:

A December 2022 IT Glue article recommended five areas for MSPs to focus on:

  1. Managing cash flow
  2. Building an agile workforce
  3. Investing in the right technology
  4. Seizing opportunities
  5. Riding the recession wave

“While the term ‘recession’ may set off panic waves among business owners, it need not necessarily be the same for MSPs,” the article noted. “IT is the backbone of every business, and industry observers are expecting the managed services sector to continue to grow, albeit at a slower rate, in the coming year. Slower growth might, however, mean it’s a good idea to pay closer attention to managing costs.”

The Connect Booster site, meanwhile, recommended that service providers focus on the right metrics to measure economic health amid a downturn, including:

  • Net operating income
  • Contract profitability
  • Monthly recurring revenue

Connect Booster also recommends payment automation to ensure clients make payments without being begged to do so amid lean times.

Critical Infrastructure Threatened Like Never Before

The convergence of the internet of things (IoT) and operational technology (OT) create a boon for nation-state and domestic cybercriminals. Microsoft painted the picture in a recent report, which predicted that some 40 billion devices will be connected to the internet by 2025.

“The pervasiveness, vulnerability, and cloud connectivity of internet-of-things (IoT) and operational technology (OT) devices represent a rapidly expanding, often unchecked risk surface affecting a wider array of industries and organizations,” Microsoft said in its report, The Convergence of IT and Operational Technology: Cyber Risks to Critical Infrastructure on the Rise. “Rapidly increasing IoT creates an expanded entry point and attack surface for attackers. With OT becoming more cloud-connected and the IT-OT gap closing, access to less secure OT is opening the door for damaging infrastructure attacks.”

Microsoft’s advice for 2023 and beyond:

  1. Work with stakeholders: Map business-critical assets in IT and OT environments.
  2. Device visibility: Identify what IoT and OT devices are critical assets by themselves and which are associated with other critical assets.
  3. Perform risk analysis on critical assets: Focus on the business impact of different attack scenarios as suggested by MITRE.
  4. Define a strategy: Address the risks identified, driving priority from business impact.

Commercialization of Cybercrime Continues

The commercialization of cybercrime drove an uptick in nearly all types of cyberattacks in 2022. The result? A booming malware economy where no organization is immune to cyberthreats.

The Sophos 2023 Threat Report detailed the current cyberthreat landscape, including which ransomware groups to watch for, and the tools, tactics and procedures (TTPs) used by today’s adversaries to execute attacks. One big takeaway: The bad guys will continue to commercialize their approach and sell exploits and attack tools from within the structure of any thriving business. The report also warns of:

  • Skyrocketing demand for infostealers and stolen credentials
  • Adversaries continuing to leverage “living off the land binaries.”
  • Attacks that reach beyond Microsoft Windows.

“As we near the end of the year, cybercriminals are showing no signs of slowing down—just look at the 167% rise in data breaches from Q2 to Q3,” Sophos said in the report. “But you can help customers achieve a tight end-to-end security posture that protects their most sensitive data. In addition to encouraging good cybersecurity hygiene and deploying layered protection, it’s important to know when to outsource functions like threat detection and response.”