Episode 71: Riding the Waves of Change in Cybersecurity: How partners can prepare customers for emerging threats and generative AI

Kyle Alspach02/22/2024

Constant change creates both risk and opportunity in the world of cybersecurity. As Senior Editor at CRN Kyle Alspach discussed in our recent #shifthappens podcast, the threats continue to intensify even as new tools promise potential relief. Partners stand at the intersection of these waves of change, guiding customers to shore up defenses while also realizing strategic gains.

“It’s demonstrating that the channel continues to be super important,” Kyle said, referencing recent stats showing robust cybersecurity spending growth through IT channel partners. But what lies beneath those upward-trending figures? And what should partners focus on to skillfully ride these rising tides?

Intensifying Threatscape

The core dynamic causing the chaos, according to Kyle, comes down to the unrelenting evolution of threats, provoking an explosion of security tools attempting to counter them. The result? “An incredibly chaotic space,” stacked high with fatigue among security teams working at the front lines.

“Once you’ve talked to some people who are doing security for a living, you start to understand why there is such a shortage of professionals who want to do this and why they’re getting burnt out so quickly,” he explained.

So where should partners concentrate their efforts amidst the pandemonium? Kyle highlighted security operations as a prime focal point - and an area where generative AI shows particular promise. Technologies like automated summarization of threat intelligence could provide much-needed clarity and efficiency. Partners advising on security operations platforms will want their fingers on the pulse here.

The Identity Threat Vector

Zooming in on specific attack trends, Kyle called out identity as “a running theme through almost every incident.” High-profile cases like the recent Okta breach validate identity and access management as major vulnerability.

As hybrid work persists, partners have an opportunity to guide customers through identity and access best practices while providing tools and platforms to simplify these complex challenges. But as Kyle noted, “There isn’t a great answer on it. There is no generative AI solution to that.” At least not yet. Partners must remain vigilant here.

Consolidating the Toolbox

On another pressing front, Kyle observed immense appetite for consolidation, both among partners and their customers. “There are too many tools, which just creates too much complexity, which itself is a security vulnerability,” he said. Partners targeting this pain point with integrated platforms housing best-of-breed capabilities stand to win big.

But consolidation poses its own complications. “They want best of breed,” Kyle explained, noting partners may need to strike a tricky balance meeting narrow customer needs while also streamlining environments. Flexibility and custom configurability will likely emerge as key selection criteria here. Those able to thread this needle will surface to the top.

Autonomous or Not?

As AI itself takes on more security responsibilities, intriguing questions swirl around its decision-making autonomy. “How autonomous could this actually become or should this become?” Kyle pondered. Reactions diverge. Some express hesitation trusting AI with independent choices, while others seem bullish on increased automation.

Partners must closely track customer sentiment and use cases here. Being able to guide strategic discussions around appropriate guardrails and governance will distinguish advanced advisors. And those able to intelligently monitor and manage autonomous systems through partnerships with AI security vendors may carve out an entirely new managed services niche.

Scanning the Horizon for Vulnerabilities

Casting further ahead, Kyle discussed AI’s potential to uncover zero day vulnerabilities. Here machines trade blows directly with malicious actors in an endless exploitation arms race. Partners might eventually leverage AI scanning tools for proactive vulnerability assessments or tie these capabilities into offensive security services.

But so far options remain limited. As Kyle concluded, “I don’t even know how many of these tools are even generatively available yet in generative AI for security.” For now, partners are mostly in wait-and-see mode. But creative prospects start to emerge for those paying close attention.

Best Practices for Partners

As partners chart courses through the tumultuous waters of cybersecurity, what signposts can guide their way? Kyle weighed in with recommendations centered on continual learning and long-range perspective.

“Curiosity is a good thing to try to maintain,” he encouraged, even in the face of hype fatigue. Staying abreast of GEN AI's quickening pace requires anticipating impacts further ahead than typical planning cycles. Partners might even participate directly in that acceleration by strategically integrating new generative tools into their own practices once commercially available.

And on the customer guidance front, Kyle advised broaching hypothetical scenarios with leadership about AI's downstream potential. Brainstorming sessions positioning partners as strategic advisors - not just vendors - strengthen trust and set the stage for long-lasting relationships.

Smooth Sailing Ahead?

As always in security, existential threats loom ominous on the horizon. But partners also have at their disposal powerful enablers to counter danger and uncover opportunity. By maintaining keen situational awareness, capitalizing on consolidation demand, and charting courses for customers across unsettled GEN AI waters, partners can ride out storms and stay the course no matter how rough the surf ahead.