Guest blog courtesy of LimaCharlie.
LimaCharlie hosts the weekly Cybersecurity Defenders Podcast in which we invite some of the sharpest minds in our industry to share their perspectives on the state of cybersecurity. One question we always ask our guests is where they see cybersecurity heading in the near and medium term. The answers cover a lot of ground, but offer many valuable insights for MSSPs and MSPs.
Here are some common themes that emerged in our conversations over the past year—and our own thoughts on how service providers can respond to these coming changes.
Consolidation will bring opportunities and challenges
A number of our guests talked about a trend toward consolidation in cybersecurity. On the positive side, MSSPs can expect to benefit from increasing consolidation in the tools and infrastructure they use—especially as cybersecurity platformization gains momentum. But consolidation also means that large tool providers may start moving into the managed services space, putting service providers in competition with their own vendors.
Going forward, MSSPs should take advantage of consolidation, which has the potential to reduce costs and tool management workloads. Service providers should also be aware of the growing threat of vendor competition. To respond, they should seek opportunities to gain independence from their vendors, and opt for infrastructure providers that have no stake in the security services market if possible.
The growth of GRC
Governance, risk, and compliance (GRC) will become increasingly important in cybersecurity, according to many of our guests. This shift will be driven by data privacy legislation, consumer demand, and pressure from insurance providers.
For all security professionals, helping stakeholders understand cyber risks and ****meet compliance obligations will become a big part of the job. To stay competitive, MSSPs should lean into the role of trusted advisor, developing service offerings to meet clients at their point of need and highlighting their potential value as GRC consultants.
AI will aid (but not replace)
Nearly everyone said that generative AI (gen AI) is here to stay, and will have a transformative effect on our industry. Few expect adoption to happen overnight, citing doubts about the reliability of gen AI tools, concerns over intellectual property being used to train LLMs, and the general tendency for large enterprises to embrace new technologies slowly. The majority of our guests who spoke on the subject believe that AI will act as an aid to cybersecurity professionals rather than replacing them—making skilled practitioners more valuable than ever.
MSSPs should begin to leverage AI tools where it makes sense to do so, in particular when they can support operational efficiency by up-leveling junior employees or reducing the burden on senior members of staff. At the same time, MSSPs need to realize that AI in cyber is likely to increase the value of skilled security labor rather than diminish it. Senior roles may be challenging to fill in the coming years, so leaders in the managed services space would be wise to focus on personnel development and retaining high-skill employees.
Automation will be the only way to keep pace
Gen AI will make threat actors more dangerous because it gives them a range of powerful capabilities that they haven’t had before. Examples our guests gave include the ability to launch sophisticated attacks with minimal technical skill, craft more convincing phishing emails, and expand the complexity and volume of automated attacks using agentic AI bots.
For defenders, manual responses won’t be able to keep up with AI-assisted adversaries, making security automation the only viable path forward. Starting today, MSSPs should take every opportunity to eliminate manual workflows and response actions—and shift to tools that enable security operations at scale through automation capabilities and features like infrastructure as code (IaC) controls.
More from our guests
To listen to the conversations that produced the above insights—along with predictions about everything from “the bot wars of the future” to what it means that the first digital natives are now reaching middle age—listen to The Cybersecurity Defenders Podcast #174 - Predictions for the future of cybersecurity from 2024 and subscribe to the podcast on your favorite podcast player.
