Businesses turn to managed security partners to deal with AI-threats

Businesses in Asia Pacific and Japan are looking to managed security partners to boost their cybersecurity resilience capabilities especially with AI-augmented cyberattacks becoming a greater concern.

The evolving threat landscape in Asia continues to be a major concern for organizations in the region today. Despite businesses allocating a sufficient budget to boost their cybersecurity defenses, cybercriminals are evolving their tactics and launching more sophisticated cyberattacks at businesses.

The rise of AI-augmented cyberattacks are making it harder for businesses to manage their cybersecurity posture. According to Tech Research Asia’s Cybersecurity Playbook for Partners in Asia Pacific and Japan (APJ), organizations are looking to strengthen their cybersecurity posture particularly around their financial operations.

The study commissioned by Sophos, also indicated that organizations in APJ want to improve risk management capabilities and reduce their risk exposure as well as ensure there is a robust cybersecurity platform in place to support digital transformation programs.

In Singapore, the report found that AI-augmented cyberattacks are the most worrying cyberthreats for organizations followed by phishing, social engineering and ransomware. In fact, only 28% of Singaporeans organizations surveyed believe that they have the skills to deal with AI threats. Only 24% believe that they have a comprehensive AI and automation strategy in place.

At the same time, 45% of organizations in APJ are looking to outsource to managed security partners to support them in dealing with AI threats while another 49% intend to train and develop in-house skills with the assistance of partner-supported training and education.

But the opportunities for managed security providers (MSPs) not only lie in dealing with AI cybersecurity and cyber resiliency. The study also revealed opportunities in threat detection and response, infrastructure and network security, application security as well as identity and access management.

Cybersecurity budget for managed security providers

With businesses in APJ willing to work with partners, questions about the availability of budget for cybersecurity will surely be on the agenda. While the report revealed that 72% of companies in APJ do not have enough budget allocated to cybersecurity currently, 83% of them feel that the budget will increase in the next 12 months.

The increased budget allocation for cybersecurity would enable partners to chart cybersecurity plans with organizations in the region. This includes offering consolidation and management of multiple infrastructure, end-point environments and toolsets, managed SOC services that enhance security capabilities and reduce impact on in-house employees as well as alleviating in-house skills shortages.

Managed security partners can also provide activities in credential management, patching and such. They can also help businesses address budget concerns through cost-effective third-party services and focus on risk reduction and mitigation through governance, among other services.

The report also highlighted several criteria partners should have in place if intending to work with these organizations. Firstly, they need to be credible partners with industry leading vendor agreements and reputation. Next, they need to have strong integration skills as well as proactive threat-detection capabilities.

As its managed security services, partners would most likely need to have cyber resiliency capabilities and expertise. Given the increased threats by AI as well as the use of AI in organizations, partners should also use and support AI-augmented cybersecurity solutions and be able to tailor solutions to specific customer needs. Additionally, the partner would need to provide education and training support as well as have strong partner security skills.

Partners must also take note that most organizations are critical of reputation. The report indicated that 59% of organizations will ‘definitely’ or ‘probably’ not engage a partner that had been breached or suffered a security incident. For partners that were breached and are still in consideration, 81% of companies that would consider a breached partner will include extra performance clauses and specific service level agreements.

The multi-vendor approach

While most service providers would like to be exclusive partners for organizations, the reality is, some businesses still prefer to work with different partners for different solutions. Just like how businesses take a multi-cloud approach in their digital journey, the report also pointed out that multi-vendor environments are a way of life for organizations in APJ.

Statistics show that only 20% of organizations use one vendor for their cybersecurity needs. 29% use two, with another 23% using three and 10% using five or more vendor solutions. While having multiple vendors is ideally what businesses want, they also need to realize that they could end up with compatibility issues in the long run, especially when it comes to integration.

As such, it is imperative that service providers provide solutions that are flexible and tailored to customer needs. Another interesting statistic is that 54% of organizations want outcomes-based terms as part of their contracts in the next 24 months while 48% want pricing that combines consumption-based and fixed contracts. 31% also prefer fixed terms and 17% want consumption-based pricing only.

Failure to meet these requirements would lead to businesses changing their cybersecurity vendor or strategy. While a breach or major outage is a definite red flag, poor performance by the service provider as well as changing budgets could influence decisions in the long term as well. Hence, demonstrating flexible commercial models and unified platforms that reduce costs would be added value as well.

“With 50% of companies indicating they intend to invest in more third-party managed security services, now’s the perfect time for MSPs to consider how they are offering cybersecurity as a service to their customers and prospects. MSPs can provide businesses regardless of their size with the best defenses against the constantly evolving threat landscape,” concluded the report.