Cybersecurity is a constantly-changing market, and with new threats, themes, and regulations emerging all the time, keeping pace can be a challenge—both as a consumer of cybersecurity products and services and as a vendor. But as with all B2B companies, it’s critical to consider which technologies, strategies, and tactics are top-of-mind in the industry to make smart business decisions (and marketing decisions too!).
At Magnetude, we dedicate ourselves to staying on top of the latest cybersecurity trends and keeping a close eye on emerging changes. It guides the cybersecurity marketing and strategic work we do. But there’s no substitute for the knowledge to be gained by working hands-on in cybersecurity—and we’re proud to say that nobody knows the space like our clients.
We asked some of our top cybersecurity clients and partners to respond to the following prompt:
“Considering the current cybersecurity threat landscape, what are your clients’/customers’ top priorities right now?
Here are their insightful responses:
Sherri Davidoff, CEO, LMG Security
Right now, every organization is under pressure to reduce cybersecurity risk, fast. Most organizations have accumulated “security debt” over the years due to lack of knowledge or resources, and this has resulted in an epidemic of data breaches and ransomware attacks that wreak havoc globally. Insurers, regulators, boards, and the business community have now seen the damage and are no longer willing to accept this level of risk. As a result, we’re suddenly seeing a dramatic increase in requests for PROACTIVE cybersecurity controls such as multifactor authentication (MFA), endpoint detection and response (EDR), effective patch management, immutable backups, on-demand cybersecurity training, and other solutions. More than ever before, today’s business leaders understand that cyber risk is business risk and are investing unprecedented amounts in proactive security solutions.
“We’re seeing three main priorities for our clients this year. First, companies are increasingly interested in securing third-party software critical to business operations. High-profile breaches such as SolarWinds and Log4j highlighted the problem, and now the hard work needs to happen regarding software supply chains. We think of it like the ingredients on a can of soup: enterprises need to know what software components make up their mission-critical applications so they can secure them—and most simply don’t know right now. Additionally, companies continue to use the cloud faster than they know how to secure it—many are still trying to determine how to secure all the cloud services, APIs, data stores, and containers they rushed to use when the pandemic initially hit. Finally, our clients are finding new ways to address the cybersecurity skills gap, specifically by training internal (non-security) teams to incorporate security into their jobs and tapping into pools of talent previously under-utilized and represented, such as women and minorities.”
“We are continuing to see customers struggling to keep up with the changes in cybersecurity, both from an external threat perspective and the rapidly changing technology landscape. They are unsure what security problems they need addressed based on business issues and are challenged by having to fully operationalize and integrate new technology to fully realize the benefits. Customers are also experiencing resource constraints in finding qualified applicants to fill needed cybersecurity positions. They look to other service providers to alleviate this burden, but they also need a trusted partner that can effectively manage large amounts of log data and show them the critical areas they need to focus on. Customers are not looking for a ‘trust us’ attitude but looking for transparency in the results provided. They value a true person-to-person partnership rather than being treated as a transaction.”
“The federal government is heavily focusing on—and funding—anything having to do with zero-trust in the fiscal year 2023, so many of our clients who sell into the government have placed a high priority on these technologies. Common examples and use cases include identity and access management, encryption, visibility, and deploying artificial intelligence to help identify anomalies. This focus is being driven by large-scale breaches like the Solar Winds attack. Additionally, the government is also dramatically stepping up spending on supply chain security as the entire CMMC process gets updated, so ensuring their software supply chain remains uncompromised is another important focus.”
In these discussions with our clients and partners, we heard a few themes in common:
Third-Party Software and Supply Chain Security:
In the wake of large-scale supply chain attacks like Solar Winds and Log4j and frequent cyberattacks targeted via third-party software, securing the supply chain at every level is a top priority for organizations. But it doesn’t come without challenges: Many organizations struggle with making sure their supply chain is secure on top of their own operations. To help solve this, transparency is key. Organizations want to know which tools and components make up the systems they use. We liked Ed Adams’ “can of soup” metaphor: Companies want to know what software “ingredients” make up their critical applications so they can prioritize security.
Takeaway: Companies that offer technology and services that support third-party and supply chain security are hot—and don’t appear to be cooling down any time soon. As Harvey Morrison of Marion Square noted, zero trust is of particular interest in the government markets right now, and many other companies have rolled out supply-chain-specific assessments and tools to help their clients maintain awareness—and security—in their 3rd party relationships.
Uncertainty Around Priorities and New Technologies
Companies continue to struggle to keep up with the ever-changing cybersecurity landscape. Between new technologies, new regulations, and new external threats, they aren’t sure how to prioritize their activities and spending. What they do know, as Sherri Davidoff notes, they need to be proactively managing risk. And when every quarter brings a new technology launch, it’s understandable that under-resourced organizations continue to struggle with integration and optimization. As LMG’s blog notes, it takes more than tools to truly reduce risk.
Takeaway: If your company offers strategic or managed services, your customers are likely looking to you for advice—even if they don’t know what questions to ask. As the 2023 budgeting season ramps up, strategic QBRs for existing customers or complimentary consultations on trends will be welcomed.
Addressing the Cybersecurity Skills Gap:
In an ongoing trend only complicated by the current job market, companies are still struggling to hire enough technical cybersecurity staff to meet their needs. According to a recent survey by Fortinet, 67% of respondents agree that the skills shortage creates additional cyber risks for their organization. 60% of organizations struggle to recruit cybersecurity talent and 52% struggle to retain it. As Ed Adams of Security Innovation emphasized, companies need to take advantage of previously under-utilized talent pools, amping up their efforts to recruit and retain disadvantaged groups, as well as building talent within the organization by training non-technical staff and hiring new graduates. Our client SilverSky also recommends a heavy focus on corporate culture to attract and retain great employees.
Takeaway: As Jason McGinnis of SilverSky mentioned, organizations are looking to their service providers to alleviate the burden with a trusted partner and advisor. Customers might be more likely to explore full-service managed packages, virtual CISO offerings, or new technology platforms offering automation that reduce the burden on their internal team while maintaining cybersecurity protection.
Want to discuss how your company’s marketing strategy might be impacted by these priorities and predictions? Contact us.
Looking for more information on how to reach your security audience? Download our guide: How to Get in Front of CISOs and Security Professionals Through Digital Marketing