Vendors will have to demonstrate enhanced scrutiny and clarity as to the seriousness of cyber-vulnerabilities. It will no longer be sufficient for an organization to simply state it has implemented cyber-defense technology. The expectation will be that the customer is actively educating and training staff with ongoing and advanced cybersecurity education. These systems and training will take time and money to implement, all of which is increasing the cost and complexity of being in business.
National Defense Mandates Strong Information Technology
Our government cannot keep us safe from cyberattacks; the FBI cannot deal will the volume of daily requests it receives. The nightly news is rife with stories and commentary pertaining to the risk of ongoing cyberattacks from Russia in response to the financial sanctions applied to that regime as a consequence of the invasion of Ukraine.
The Kaseya cyber-incident as well as others, such as the SolarWinds and the Colonial Pipeline incidents, make it crystal clear that both MSPs and individual companies—especially those that touch “critical infrastructure”—are on the front lines of protecting American businesses. In 2022, information technology and its protection are paramount components of national security. It may not be Russia, China, or some other state actor, but the threat vectors are multi-dimensional. Regulations will be created with the intent to improve national defense as it pertains to cybersecurity. The implementation will be a painful process for businesses as the different factions of the political and business sectors exert influence on the implemented regulations. The only thing that may be more difficult to endure than embracing the enhanced and sometimes exaggerated cybersecurity may be not doing it at all.
Pressure From State and Local Governments
State and local governments will further add to the complexity and cost of doing business, especially for MSPs. At every level of government, there is a push to develop better processes to generate more revenue, which equates to more and more services being taxable. Now there will be a push by individual states to register or license all MSPs so they can be better managed and undergo more thorough accounting. With this registration will come further requirements such as an increased level of liability insurance or a certain type of cyber-insurance. As this process evolves, it would be wise for state authorities to seek the advice of organizations such as the MSP Alliance. Otherwise, it will be a very painful process as states struggle with creating regulations with the best of intentions but without the requisite understanding of the underlying businesses and how they operate.
The Road Ahead is Bright
Suppliers of IT services should be preparing for the increase in regulations that can be expected from the federal, state, and local governments. Our national security depends on strong information technology. The existing law enforcement and security organizations such as the FBI and NSA cannot do it alone. They will need MSPs to be force multipliers in keeping this nation safe.
Technology providers should be prepared to live in a fishbowl where customers will ask very detailed questions about the technology they deploy, the suppliers they use, the insurance they carry, and their internal cybersecurity practices. Organizations such as MSPAlliance will be more valuable than ever before. Insurance companies will use these industry organizations to better understand if a company they are contemplating insuring is following best practices on cyber-hygiene. Customers will look to these vendor-neutral organizations as advisors in an ongoing effort to evaluate what constitutes a good vendor with solid industry best practices. MSPs will need organizations to help lobby for legislation that works and meets both the customers’ and vendors’ needs. Yes, cost and complexity will rise, but, in the long run, it will help create more secure supply chains.