The IT ecosystem has become more exposed than ever as criminals expand their wings beyond phishing attacks to target everything from encroached credentials to cloud misconfigurations to the remote access tools (RATs) that MSPs build on to carry out outsourced IT works on their consumer’s interest.
Both the administrative and merchant landscape has seen dramatic improvements as well, with the European Union starting to enforce strong data privacy ordinances in May 2018 and California set to follow the action in January 2020. Plus, the overcrowded endpoint security location has begun to be accumulated through acquisition projects, while orchestration and mechanization providers find more exceeding and more appellants for their services.
MSPs will require to dramatically step up their competition around security in 2020 as these committed advisors usually find themselves in the bull’s eye of offenders.
Mechanization & Planning is all the Vogue
Security teams are striving to make sense of all the data generated by the proliferating number of security tools in the IT ecosystem of most businesses, and typically lack the financial resources to obtain additional SOC (Security Operations Center) investigators.
For this reason, businesses are looking to synthesize the collection and analysis of different data as well as automate the response to problems that are more commonly identified by utilizing SOAR (Security Orchestration, Automation and Response) devices.
Endpoint Security Vendor Agglomeration
The endpoint security space has grown a little less crowded over the antecedent year as broad technology vendors continue endpoint protection, disclosure, and response capabilities. BlackBerry kicked the acquisition indulgence in February by bailing up Cylance for $1.4 billion. Then in June, open-source search technology firm Elastic announced plans to purchase Endgame for $234 million.
Two months later, Symantec published plans to sell its struggling Enterprise Security section to semiconductor manufacturer Broadcom for $10.7 billion. And later in August, the virtualization giant, VMware published plans to acquire Carbon Black in a transaction with an industry value of $2.1 billion.
Hackers Go After Cloud Errors
Former Amazon Web Services representative Paige Thompson was charged over the summer with obtaining the personal knowledge of 106 million Capital One credit card applicants and customers as well as removing data from more than 30 other companies. Thompson stands indicted by federal prosecutors of using multiple terabytes of data from a variety of companies and educational institutes.
A firewall misconfiguration supposedly allowed Thompson to access folders or containers of data in Capital One’s AWS storage space, with a GitHub file comprising code for three commands as well as a record of more than 700 folders or buckets of data.
New Privacy Ordinances Drive Spending
The first privacy domino dropped in May 2018 when citizens and residents of the European Union received more significant control over how their data is being utilized as a part of the new General Data Protection Regulation (GDPR) practices. The new requirements are the most difficult in the world, with violators subject to fines of up to 4 percent of global income or 20 million euros–whichever is essential–for noncompliance.
Then in January 2019, French regulators slapped Google with a $57 million fine, claiming the search giant lacked transparency and transparency around how personal information was being consolidated and failed to obtain user consent for personalized ads correctly.
MSPs under Siege
Cybercriminals targeted MSPs throughout 2019 and forced upon the tools they use to handle customer IT systems as vehicles to attack those same consumers. A wakeup call came in April when Wipro acknowledged that worker accounts had been jeopardized in a phishing campaign.