Share This:

Cybersecurity priorities

Many organizations conduct surveys every year about the evolving threats and cybersecurity concerns that enterprises are faced with. Info-Tech Research Group’s report is a must-read for all security stakeholders, chief information security officers (CISOs), and managed service providers (MSPs).

Some companies put out surveys as thinly veiled ways to push a product, but Info-Tech’s report presents interesting and relevant statistics in an easy-to-read format.

Some highlights:

  • The average cost of a data breach in 2023 was $4.35 million USD. Up 2 percent from 2022 and an increase of 15 percent from 2020.
  • 75 percent of cybersecurity professionals view the current threat landscape as the most challenging within the past five years.
  • 55 percent of organizations are already leveraging AI or are planning to use AI in 2024 to assist in identifying risks and improve their overall security posture.

AI and automation are trends to watch

The above statistics show several trends MSPs must watch in the year ahead. One is the increasing cost of data breaches. Companies are telling us that what used to be a relatively minor obstacle – a cyberattack – is much more problematic today. Cyberattack downtime lasts longer than it used to, resulting in greater financial losses.

The other two statistics illustrate AI’s impact on the cybersecurity industry. Most cybersecurity professionals attribute the threat landscape’s challenging terrain to the uncertainty accompanying AI’s arrival. Yet AI’s arrival cuts both ways.

“AI’s arrival continues a preexisting trend, which is a cat-and-mouse game between cybercriminals and cyber-protectors,” says Ken Jenkins, a cybersecurity analyst in Portland, Oregon.

The report dispenses extensive advice about revamping an organization’s cybersecurity posture. It also provides advice on transitioning from a very manual, hands-on posture to a fully automated one. “The future of cybersecurity is trending towards automation; it’s not that there will not be a role for humans; there will be and has to be, but a lot of the granular functions of it are most efficient and effective when automated,” Jenkins states.

The report expands on the topic further:

In a world where efficiency is of the utmost importance to stay competitive within an industry, automation is seen as an approach to improve efficiency across many areas while enabling continuous improvement.

MSPs add value

Still, becoming fully automated is a process and a journey. The Info-Tech report outlines some of them.

“Becoming fully automated is a lot more involved than just installing software or flipping a switch. There are steps to take, which depend on where an organization is in its cybersecurity posture,” remarks Jenkins, adding that this is where MSPs can demonstrate value.

“MSPs excel at providing value and automation, and the trends offer a great opportunity,” says Jenkins.

Recommended actions towards automation include:

Assess the maturity of your security process

  • Identify your automation goals and the current and target maturity states of your security process to identify gaps.
  • Review your existing security process to identify which initiatives should be automated.

Assess the value, risks, and feasibility of the automation

  • Identify the suitability, value, and risks of each security process to prioritize initiatives to automate.
  • Determine the feasibility of automating a security process by assessing the cost and benefits of each initiative.

Develop and deliver your automation roadmap

  • Develop your automation roadmap and ensure the initiatives are supporting your organizational goals.
  • Communicate your automation roadmap to executive leadership to obtain support on your security automation objectives.

Assess risks and feasibility in automation

“All these actions are things a good MSP can help organizations with. An MSP needs to show a customer or potential customer that these can be done seamlessly, taking the hard work away from the customer,” notes Jenkins.

Jenkins also mentions that the most important of the three actions is assessing the risks and feasibility of automation.

“Not every business has the same needs and vulnerabilities. There may be some businesses where full automation isn’t feasible or desirable, which is why this step is crucial,” Jenkins adds. Once the feasibility factors are ironed out, then the automation roadmap becomes the critical factor.

“The roadmap will look different for each business. Some can go fully automated fast, while others may take years, depending on how many legacy systems there are to integrate and update,” Jenkins reports.

Photo: Elnur / Shutterstock


Share This:
Kevin Williams

Posted by Kevin Williams

Kevin Williams is a journalist based in Ohio. Williams has written for a variety of publications including the Washington Post, New York Times, USA Today, Wall Street Journal, National Geographic and others. He first wrote about the online world in its nascent stages for the now defunct “Online Access” Magazine in the mid-90s.

All Posts

Leave a reply

Your email address will not be published. Required fields are marked *