Three channel experts share their cyber predictions for 2024
Experts from e92plus, Bytes and Crayon Group discuss emerging threats, shifts in procurement and the driving forces behind cyber shifts
As 2023 draws to a close, the cybersecurity landscape looks vastly different to 12 months earlier. Emerging cyber threats, multiple vendor mergers and demand for new services will continue reshaping the sector in 2024. Below, three cyber experts from share their predictions for the coming year.
Neil Langridge
Marketing & alliances director, e92plus
Cybersecurity is certainly one of the star performers in the channel in 2023, showing strong growth despite the fragile economic environment. That's due to the relentless growth in cyber attacks, continually evolving threat landscape, and the simple fact that cybersecurity can't just be turned off - digital transformation is changing our lives and businesses, and that digital estate needs to be protected. Major data breaches can damage brands and incur huge fines, but a ransomware attack on the wrong company and the subsequent downtime can mean the end of that business - it's that brutal.
However, the picture is far from simple - or that sunny. Channel partners and vendors are having to work harder than ever to secure the trust and business of IT leaders on cybersecurity, and there's a few key trends that we're seeing across our partner community.
Business outcomes lead decisions, even in cybersecurity
So much of technology has evolved from a simple requirement to enabler, and then to defined ROI - and now it's about delivering business outcomes. Covid saw the move to a distributed workforce as simple a means to keep business afloat, but as the move to the cloud and digitisation has continued to accelerate, all area of technology investment have followed, and cybersecurity is no different.
This means just simply taking endpoint renewals, or looking to move customers from EPP to EDR (and the latest shiny thing) isn't enough. How can that support BYOD and a more flexible workforce no longer tied to corporate devices? Instead of renewing MFA (multi-factor authentication), can SSO (single sign-on) enable cloud apps to be more easily introduced, reduce time wasted managing multiple passwords, and bring contractors on board without compromising how secure is managed? Instead of simple continuing with VPNs for everyone, can zero-trust limit access to only the apps that are needed, reducing licensing costs and minimising security risks and so using the IT team in a more effective way?
Partners want market validation, not vendor enablement
When I'm delivering training for partners, I often joke about the classic vendor slide deck - pictures of HQ, how many employees they've got, customer logos and then 37 slides on their products. It's enough anymore, even when it includes competitive analysis. They want the insights needed to answer customer challenges and objections - and it's not comparing Product A and Product B. Validation of success that's relevant to their customers is more essential than just displacement, and helps frame a more progressive conversation around outcomes rather than simply another alternative technology product.
ARR vs TCV vs consumption billing
"There's a huge variation in pricing and commercial models right now - and often that means that competing interests can clash. The reporting requirements for the vendors has seen a strong growth in ARR due to how revenues can be booked, but we're seeing partners still often preferring TCV to be able to recognise longer term deals and commitments.
"There's also a rise in interest in consumption billing that's available through MSP partner programs from vendors - but without the managed service, to be able to meet customer demands for paying for exactly what they use. This has meant that distribution in particular needs to be agile and offer a range of options, and facilitate bringing the competing interests together (rather than only offering inflexible third party financing), and ensure that it plays its role helps channel business flow as smoothly as possible."
Read on for predictions from Bytes' Jeremy Edwards and Crayon Group's Aleksandr Vara...
Three channel experts share their cyber predictions for 2024
Experts from e92plus, Bytes and Crayon Group discuss emerging threats, shifts in procurement and the driving forces behind cyber shifts
Jeremy Edwards
Head of networking and security solutions, Bytes
Identity and chain attacks on the rise
"This has been a year of significant increase in attack on identity and chain attacks using credentials attached to social engineering and corporate espionage on a grand scale. Distances between IT teams (of all types) and their old friend ‘the user' is potentially greater than ever following significant attachment to digital debt reduction projects after lockdown and gradual recent tightening of the corporate purse.
"We have seen phishing and 3rd party attacks decimate Enterprise and SME organisations alike, as both private and nation state adversaries use the cloak of that aforementioned technical debt and social instability to break identity and connectivity chains.
"The broadsheets' (ok, internet-based news) regular mention of significant and powerful corporates, as well as tech dreadnaughts being caught napping is alarming. AI and eastern state-based concerns consistently raise the eyebrow at board level across the world with threat Intelligence streams pulling grey matter away from the cyber quick wins.
"Getting back to basics and enhancing the engagement and skill levels of our users should be the priority. Locking out and pro-actively managing your vulnerabilities (once an unfavoured and poorly executed task), has to be top of the list of objectives and include your users and device lifecycle in that tower. As AI and more intelligent conversational social engineering creeps up, we must look to pull our cyber socks up from the ground, potentially think less about the shiny new toys and look to use our people as a first line of defence."
How cybersecurity procurement is evolving, and the changing priorities in cyber purchasing
"If I'd been asked this question 12 months ago, I'd have said enterprise licensing agreements (ELA) and platform is the dish of the day - and still is in many cases - platform definitely so, with organisations looking to concentrate or lean on their skills base to drive cost efficiency and management capability.
"But….. the ELA is stalling in the wind of truncated priorities and consistently changing digital demands. An ELA is appetising due to the forward spend confidence it brings, but with it comes a technical lock in that could upset future planning. Part of this current wobble on commitment has been fuelled by the re-design of technology adoption through subscription-based cloud-native solutions, the spiralling costs of which businesses have struggled to contain.
"Mountains of technical debt, early adopters and lack of skills means that the acceleration of digital platform availability is 100% ‘a thing', but so too is the distance between the majority of organisations, their infrastructure at large as well as their cost/spend models.
"I've had some really exciting discussions over the last 18 months where at the beginning of projects and medium term strategies, both procurement AND technical stake holders have been present to explore the art of the possible and kudos to those organisations creating greater lines of communication. Cost optimisation and procurement isn't just about the bottom line or the ‘in-term' budget value of individual purchases, it's about the strategy of aligning an organisations spend with their digital growth.
"For the channel, this has meant that procurement timescales are lengthening which can cause unease and in terms of solutions, augmenting current technology stacks seems to be a favoured path - adding new features to in-situ technology has been prioritised and to credit our technology friends on the other side, their acquisitive and platform focused development over the last 2 years is paying dividend for customer choice. Let's hope the increasing interest in identity & collaboration security as well as asset and vulnerability tools converts.
Three channel experts share their cyber predictions for 2024
Experts from e92plus, Bytes and Crayon Group discuss emerging threats, shifts in procurement and the driving forces behind cyber shifts
Aleksandr Vara
Technical services sales director, Crayon Group
The driving forces behind cybersecurity trends
- Increased threat landscape: The global geopolitical climate has contributed significantly to the expansion of the threat landscape. State-sponsored cyberattacks are on the rise, posing serious risks to organizations worldwide. For example, ransomware attacks have seen a staggering 150% increase in the past year alone, with projected damages reaching a staggering $20 billion on a global scale.
- Digital transformation: The ongoing process of digital transformation is now more diverse and complex than ever. Companies find themselves straddling multiple layers of transformation, including on-premise systems, cloud infrastructure, and cloud-native applications. This complexity exposes organizations to a wider attack surface and necessitates the defense of legacy environments, virtualized systems, and emerging technologies for which there are often no established best practices. Consequently, security teams are compelled to reevaluate their cybersecurity strategies, focusing on scalability, manageability, and operational efficiency.
- Rapidly evolving cybersecurity technologies: Cyber threats continue to evolve, and so do the technologies designed to combat them. Artificial intelligence (AI) and machine learning (ML) are increasingly integrated into security solutions to enhance threat detection and response. Simultaneously, the trend of vendor consolidation, particularly in challenging economic conditions, has driven the development of cloud-native security platforms. These platforms offer extensive integration and interoperability, unified security management across various environments, and automation capabilities.
- Cybersecurity compliance programs and regulations: The growing impact of cybersecurity threats has led governments and industries to implement stricter regulations aimed at safeguarding their citizens and businesses. This is especially evident in critical infrastructure and essential services sectors, where companies are establishing cybersecurity compliance programs with far-reaching implications, often extending to their supply chains through additional security requirements.
- Security posture and vulnerability management: As organizations seek innovative approaches to operational cybersecurity, they are increasingly focusing on security posture management and vulnerability management across hybrid environments. The adoption of new technologies is driving changes in processes, allowing companies to better identify, assess, and remediate security vulnerabilities.
Adapting to the ever-changing landscape
These cybersecurity forces underscore the necessity for organisations to remain adaptable in the face of a continually shifting threat landscape. Embracing emerging technologies and evolving processes is crucial. Regulatory efforts and the growing maturity of customers are propelling the adoption of cybersecurity standards. Consequently, businesses must prioritize the unification of security management across hybrid environments and the reinforcement of their security posture. By doing so, they will be better prepared to navigate the complexities of cybersecurity and safeguard their valuable assets in the digital era.