
Webinar Replay: 2024 IT Trends Roundtable


2024 IT Trends Roundtable Discussion

In this video, recorded during a live webinar on February 20, 2024, speakers from Omega Systems discuss the changing needs of today’s businesses and hot tech topics for 2024 including:

  • Microsoft Copilot and the benefits and challenges posed by AI
  • The connection between growing compliance needs and evolving cybersecurity threats
  • Cloud adoption trends and lessons learned from hybrid and remote workforces

VIDEO TRANSCRIPT

Kaleigh Alessandro (KA): Good afternoon, everyone. Thank you for joining us today for our 2024 IT Trends Roundtable discussion.

I’m Kaleigh Alessandro, I’m the director of marketing for Omega Systems. I think at this point, most of you who are joining us are familiar, but in case there are any new faces joining us today for the webinar, I’ll share just a quick background on Omega.

We are an award-winning MSP and MSSP with more than 20 years of experience, notably in the areas of managed IT support, cybersecurity, risk management, regulatory compliance, and cloud services.

And I’ve got a full house of speakers with me today, which I’m excited about. So, please join me in welcoming three of my colleagues from Omega Systems. Bob Mohr, Steve Hathaway, and Maryne Robin.

We’ve got kind of a diverse background in terms of their expertise and their roles at Omega. So, I’m going to kind of round robin amongst you guys. And have you introduce yourselves to the audience. Give a little summary of your role and your expertise. So, I’ll go according to the order that I can see you in and Maryne, I’ll start with you.

Maryne Robin (MR): Yeah, sure, great to be here. Maryne Robin, I’m a security and compliance consultant at Omega. I’ve been in technology for a number of years. I won’t mention how many. And now, I’m specializing in security and compliance.

KA: Right. Steve, how about yourself?

Steve Hathaway (SH): Thanks for having me. I’m currently working as a technical solutions architect with Omega. I’ve been in the MSP space for well over 10 years now. I’ve worn many different hats from service desk, project engineer, to solutions architect, director of technology, done some things on service desk management. So, it’s giving me the unique opportunity to see the business from basically every angle. So, that hopefully out now we’re able to provide some of the best solutions to our customers.

KA: And Bob.

Bob Mohr (BM): Great. Yeah, I’m Bob Mohr. I’m a technical account manager with Omega Systems. Similar to Steve, probably around 10 or 11 years directly in the MSP space and have a well-rounded background as well. I’ve always been tech adjacent. And I’ve had the opportunity to see both the engineering side and the business side. So, I kind of worked in all realms and I really help our clients as a consultant, just leveraging technology better, to do better work for their people.

KA: Awesome. Yeah, great diversity in terms of all of your expertise. So, excited to touch on a number of different topics with you guys today and dissect some of the trends that we’re expecting for this year. So, there’s definitely a lot we want to cover as far as the agenda is concerned today.

But before we dive in, I try to do a quick logistical breakdown for folks who may not have joined us prior and have some of these outstanding questions. So, we did allocate 60 minutes for today’s discussion.

We’ll do our best to leave as much time as possible for Q&A. That said, you are welcome to submit questions at any time during the webinar by using the questions box on the GoTo Webinar dashboard. And like I said, we’ll try to address as many of those as we are able with the time we have left at the end.

We are absolutely recording today’s webinar. So, if you need to drop off early or you want to revisit this content later or share it with colleagues, you’ll be able to do that. And you’ll receive a copy of that recording, as well as the presentation slides and some other relevant materials, typically 24 hours after the event. So, you can expect that in your inboxes tomorrow afternoon around this time.

So, with that, I want to dive into our trends discussion. And kick things off with a 2024 IT trend that we continue to field questions about on our side, and that is Microsoft Copilot — everyone’s favorite topic of conversation this year, I think.

So, businesses are anxious to see what it can do for them. And as of last month now, it’s finally available to a broader audience, which is really exciting. So, Bob, I want to start with you. And I’m curious, what are your initial impressions of what Copilot has to offer right now in terms of benefits and opportunities?

BM: It’s been fascinating. I think you hit the nail on the head. Everybody should really be chomping at the bit for this. I get calls daily, people asking, ‘When can we get it?’ We finally got on board a month ago in the small enterprise, and it doesn’t disappoint. It’s really increasing productivity in the everyday tools we use, like Outlook, Teams, and Word in the Microsoft Suite.

In Outlook, we’ve all been in a situation where you get an email that you’re tagged in. Twenty conversations later, you realize, ‘Hey, we’d better loop Kaleigh in on this one.’ With Copilot, you can quickly ask it to summarize what’s going on in that email, get some action items, and even help you draft an email in response.

Those little incremental time savings every day are huge. In Microsoft Teams, we’ve been using pieces of Copilot for about six months. If you record a meeting and do a transcript, you can get a recap of that summary right away with action items. With the enhancements, you now have the ability to have real-time feedback. In the middle of a meeting, you can have a conversation with a Copilot on your own site and say, ‘Hey, where are we at so far? What are the action items?’ It’s really a game-changer because it’s taking all the information that’s going on and helping you keep up to date on it.

Now, we’re not in meetings anymore trying to take notes on our keyboard. We’re able to have the conversation and the interaction like we did back in the day when we’d be in front of everybody all the time. I always loved that piece of it, the whole Teams environment.

Even in Word, Excel, and PowerPoint, Copilot is making a difference. You can go into a Word document and say, ‘Hey, I want to draft a business plan for an IT shop in New York City.’ Anything random? And it’ll start to build this out for you. Instead of going to a search and finding colleagues and trying to compile this data, you can have a conversation with the AI within Copilot and allow it to do it. You can do that in Word and Excel.

You can ask it to quickly say, ‘Hey, what’s the sales data from this table for the last quarter?’ And instead of having to create pivot tables and make sure you have all the information right, Copilot will instinctively do that for you. PowerPoint as well, easy to apply branding from your company or just converting a Word business plan into a presentation. You can continually edit it. It’s just phenomenal the way the tools are working already.

KA: I think I’m gonna have to – on my end, I’m a chronic note-taker. So, I’m gonna have to get used to giving some of that control up to Copilot in the future. And, like you said, you know, give yourself some time back. For sure.

BM: Absolutely.

KA: Certainly, the security and data privacy considerations for any AI-driven tool, Copilot included, are something we routinely remind and educate our customers about. So, Steve, given that Copilot is still evolving, and we’re still learning a lot about its capabilities, what’s your recommendation at this stage regarding how companies can best secure their data and environments before rolling out a tool like Copilot or something similar?

SH: Yeah, that’s a great question because, like Bob said, immediately, we’re fielding a lot of calls for it, and there’s definitely a market for it. So, we would like to caution, you know, it’s kind of like a look-before-you-leap approach.

Office 365 allows you to have your data in multiple different services: Teams, OneDrive, SharePoint, and in your email. So, identifying where your data is stored is a great place to start, right? Where do we have things stored?

Then, consider the types of data. It can range from innocent Excel files to more sensitive information like PDFs, bank routing numbers, or Social Security numbers. For the sensitive data, proper governance is essential.

As you start to identify, put governing policies in place. Additionally, with Microsoft making it easy to integrate third-party applications, it becomes seamless to work with them on a day-to-day basis. However, be mindful that integrating these applications also brings visibility from those systems into Office 365 and vice versa.

When introducing Copilot into your environment, there’s potential for someone to see things in other environments without the same governance. It’s important to evaluate your entire environment and ask, ‘Where is our data? Do we have the governance around it?’ Also, ensure that your integrations adhere to the same framework.

KA: Yeah, those are good points. It’s creating a web, integrating with all of these other applications and toolsets. Being mindful that, once you flip that switch, you’re really opening yourself up to a much broader network than you’re probably even aware of.

SH: Exactly.

KA: Lots still to learn there on the security and compliance front, I’m sure.

SH: Something you’ll probably hear a little bit more frequently is AI TRiSM. It stands for Trust, Risk, and Security Management. It’s been coined by Gartner. And really, this is a framework that I think they’re encouraging a lot of organizations to adopt. Not just as it relates to Copilot, but as in AI in general. It runs through a bunch of different phases and can be a good thing for someone, anyone really, curious about AI. I recommend looking up AI TRiSM: T-R-I-S-M. And it really dives into some really good security practices.

It starts with auditing your systems, not just yours but also those of your partners, your SaaS providers, and all these other organizations that you’re using. Do they have AI models that they’re using today and how are they using them? Start there and work your way back.

KA: Yeah, I think, you know, we’re going to touch on this a little bit later too, but that, what you just said reminds me too that the vendor aspect of it as well. So, you know, getting that due diligence from your vendors and how they’re using these types of AI-driven tools is going to be really key as well.

Bob, outside of Copilot, what ways or tools are you seeing from an automation and AI perspective, you know, as far as some of the other daily challenges or ways that it’s alleviating some of those inefficiencies and time sucks that we typically see?

BM: That’s a great question. I think everybody’s kinda familiar with chatbots and virtual assistants, and they’ve evolved especially with these AI-powered tools. No longer do we like to call and be on hold, try to figure out the problems ahead of time, and get spun around when we need help with something. So, being able to have a conversation where 90%, 95% of the things I need help with can be answered just by the interaction with the AI tools and chatbots are huge assets.

Security is number one in our world, and there’s a lot more machine learning things that are helping identify security and fraud, especially. There are industries around this; the banking industry has anti-money laundering, it is an entire industry. If anybody’s ever worked or knows the finance world, it’s all driven by what is unique, what’s going on that’s different, not an everyday occurrence, or why is this happening at two in the morning, or why is this money coming from this country. Those kinds of things are huge, and they’re really helping clamp down on those kinds of things.

The other one I talk about is probably near and dear to your heart, just personalizing marketing, right? So, we know so much about ourselves, and we’re learning more and more about ourselves. Instead of having that blanket marketing approach and trying to get people to understand what you do, you’re able to kind of personalize a little more because you know a bit about them, or you’re learning about them in real time as I answer some questions, and you’re able to tailor those marketing responses as well.

KA: I think there’s a lot of potential in terms of how different AI-driven tools can help us on the daily, so sure, this list will be ever-expanding as we continue through 2024.

So, let’s transition to security, you touched on it briefly, Bob, but certainly, from a trend perspective, is driving a lot of our conversations with customers and prospects these days.

Maryne, we talk about the security landscape all the time, it’s daily for you. Right? And how the evolution and sophistication of threats continue to change.

You’re in the weeds, you know, as part of our in-house SOC day after day. You’re a certified CISSP, I’ll give you some props there. What are you most concerned about when it comes to security threats today?

MR: Oh, that’s a good question. It’s not one thing. What’s concerning is that it’s a combination. It’s a combination of volumes, sophistication, change, the speed at which it changes. The volume is coming from, well, partly from AI, like we spoke about, but also, it varies. A lot of kits are available for would-be hackers to buy at low prices, and it’s lowering the barrier of entry. So, therefore, we’re going to see a higher volume of those types of attack, phishing attacks. On top of that, they’ll be more convincing because we have the voice, video, and personalization, artificial intelligence, all that, it’s going to be increased.

It’s not only the phishing attacks; we also see the targeted DDoS attacks where, you know, disgruntled employees or activists. So, that’s an easy way to disrupt companies unless you’re protected. So, that’s for the volume.

In terms of sophistication, well, basically, our playground, what we need to protect now, it’s not only the backyard. It’s not where we had the on-premise infrastructure. Because many businesses now are relying on diverse, hybrid, multi-cloud. So, we need to defend that. So, the defense parameters have shifted. It’s not sufficient now to do just around something. It has to incorporate the whole cloud infrastructure as well. So, not only do we need to defend that, but we need to monitor it. Monitoring it because we don’t know who’s coming in. It could be like the Trojan horse. You know, basically, like, somebody may have that user, may not be a user who says they are. And, of course, you know, the credentials could be compromised.

So, we have to figure out a way to make sure that we are not just letting anyone come in. So, we’re switching our protection from perimeters to the zero trust security model. And I think we’ll talk about this a little bit more in depth later. So, for example, I just gave you an example that we know of a scan account. You know, and again, this is used for scanners, basically, didn’t have a method because they rarely do, and it was compromised. You know, brute force attack, they found the password compromise, and they use their lateral movement to compromise another account, a backup account that, unfortunately, also had admin access, and they are in the network and exfiltrating whatever they want.

So, we need to protect more than just what we have. What we don’t see. We have to include the remote workers. We have to include third-party vendors, all the IoT, Internet of Things, everything like that, and change the speed at which it changes. It’s amazing. So, we have to be ready.

But I want to make a point also. It’s not just a technology issue. We need to have a C-suite also analyze their supply chain. We see a lot of supply chain attacks. So, we need to vet those vendors. We need, we need now to have a transition from a reactive where we take all we’ve been attacked to more of a proactive security posture.

So, my most concern is like are these companies, are these businesses prepared, do they have the tools and skills needed to thwart those attacks?

KA: Yeah. You hit on a lot of great things there. I think one thing that stands out as a consumer, as a user, this day and age is like, it’s getting harder to tell what’s real and what’s fake, right? It’s, you know, you see all these deepfakes now, and the video impersonation and the e-mail, like you said, you know, phishing campaigns are getting more sophisticated. It’s getting hard to tell the difference.

MR: Definitely.

KA: Um, so, obviously, to keep up with, with the growing sophistication of threats, we’re also seeing a corresponding evolution of security tools and technologies to, to compete against those threats and ward them off. So, Maryne, what do you think? You know, maybe that, that ideal security stack looks like in 2024, for obviously, knowing every, every company. Different in terms of their size, and their vertical and their resources. But what do you see is that as that comprehensive security stack?

MR: So, at a minimum, you know, cyber attacks are 24×7; they can come from anywhere. So, the question is, how do you spot an attack, especially in the middle of the weekend when it’s emerging? How do you analyze and see if something abnormal is happening? So, you basically need tools. Intelligent tools, and at a minimum, I would recommend EDR, which stands for Endpoint Detection and Response. It’s like an antivirus on steroids, analyzing abnormal user behavior and disconnecting the device or endpoint from the rest of the network if needed. Sometimes that’s not sufficient, and you need a tool to supplement it, called AMTD, which stands for Automated Moving Target Defense. This stops more advanced types of threats.

So, at the endpoint level, you also need to know what’s happening in your network, both incoming and outgoing traffic, not just in your network but also on your SaaS applications. How do you collect all that event data? You would need a tool like SIEM, which stands for Security Information and Event Management. It collects events from your firewall, Office 365, Salesforce, correlates them, and tries to make sense to define the overall picture of what’s happening.

But all those events, that’s a lot to digest. So, if you throw all that to your security analysts, they’re probably going to burn out. So, another tool you may need is SOAR, which is Security Orchestration Automation and Response. It orchestrates by weeding out false positives, eliminating noise, and sending only true emerging attacks to the SOC team (Security Operations Center), which is human and will investigate the validity and priority of a threat.

So far, we have EDR, SIEM, SOAR. If you want to be more proactive and not just look at past events, you need a more proactive-reactive system. You would look into MDR, managed detection and response. This involves proactive threat hunting, risk investigation in real-time by a team of professionals using EDR, SIEM, and SOAR to proactively address attacks.

But I must say, I don’t want to forget that, you know, those acronyms are great, but we also need to protect our first line of defense is our staff, right? We need to protect them because each time an employee clicks on a link, it opens a little hole in your security. So, cybersecurity awareness training is key. Especially for targeted individuals like CFOs and CEOs, they need to recognize social engineering tricks, including those involving AI.

We also need to involve the CISO in business decisions, increasing certainty and securing additional security controls if needed. Sometimes compliance will guide you on what you need to do. For example, FINRA might say you need SIEM, IAM (Identity Access Management), DLP (Data Loss Prevention). Look at the compliance standards you fall under to determine your required stack of tools.

It’s a lot of acronyms, but basically, you have to look at security in terms of layers. Start with staff training and then add layers like EDR, SIEM, SOAR, and so on.

KA: All the acronyms, yeah. Steve, you’re in the trenches, helping customers scope out what they need within their tech stack. What do you foresee as maybe any specific trends on the security front this year?

SH: Yeah, well, Maryne has it right there. Vulnerability management in the middle is a huge one. Because she also talked about speed and volume; the speed at which new vulnerabilities are being published is only increasing. And then what makes that even worse is the speed at which they’re being exploited. There are publications out there that say the average time within 30 days of a vulnerability being published is being exploited.

When you pair that with the fact that we’re introducing new software, new technologies to our businesses at a rapid pace, the days of having an annual penetration test or an annual vulnerability scan are kind of gone. Waiting a year leaves so much on the table, and there’s a lack of visibility into anything that’s present or was published within the last 60 or 90 days. So, whether that’s upping them to quarterly, or in the best-case scenario, having some form of persistent scan. Something that gives you visibility as close to real-time as possible. As threats are introduced into your environment, you’re seeing them close to real-time, able to act on them, and able to understand the business risk. Patch them if necessary or possible, or possibly remove them from your environment if that’s the better approach.

KA: Yeah, it’s gonna be interesting to see. Maryne, you mentioned your regulatory frameworks are giving you kind of specifics now on, and here’s what you need. And, Steve, to your point, that, you know, for years, it said, alright, a periodic vulnerability assessment or an annual vulnerability assessment. So, I would expect we’re going to see some more stringent changes to those timelines moving forward because, like you said, it’s just the speed at which things are changing, it’s just not sustainable.

We’re gonna get into compliance deeper a little bit later, but one trend we’re seeing, particularly among regulated companies, is moving towards that next generation of access control with the adoption of zero trust security models. Bob, can you talk a little bit about zero trust and why we’re seeing more and more customers look in this direction?

BM: Yeah, absolutely, I think it has a lot to do with the evolving landscape of some of the things we’ll talk about, like hybrid cloud and a lot of the remote workforce. But it’s really, it’s a philosophy. And it’s a security philosophy that challenges the traditional thought that anything behind the firewall is safe. We know those days are gone, and there are so many ways for things to get behind the firewall. So, it’s an assumption that no one, whether inside or outside the network, is trusted.

It might sound intrusive, but it’s a mindset that when I want to access resources, it checks things beyond just who I am. It checks my location, the current OS of the device I’m on, and whether it’s secure. All these factors are considered in the verification process.

The philosophy involves looking for anomalies and implementing the concept of least privilege access, where individuals are given access only to what they need to perform their job. Even the concept of just-in-time access is applied. For example, if a technician on the help desk needs elevated privileges to assist a client, they can request it. After confirming their identity and ensuring they are the right person, temporary access is granted.

Another aspect is segmenting the entire infrastructure and environment, where data and technology are stored. By doing this, if an incident occurs (though we can never say it won’t), the blast radius is minimized. Compartmentalizing areas helps in containing and controlling the impact of any security breach or incident.

KA: Yeah, it makes a lot of sense. So, let’s switch gears a little. We talked about it briefly, but hybrid infrastructure cloud, clearly, a continued trending topic, multi-cloud implementations in the cloud. And hybrid implementations are on the rise. As we see companies leverage various combinations of on-premise, public, and private cloud resources to support their operations.

Steve, let me start with you here. Have you noticed any trends with the types of companies that are transitioning to hybrid or multi-cloud solutions? I think historically, we’ve seen certain verticals or industries maybe more reluctant to adopt public cloud resources as an example. Do you see changes to that dynamic, or is there still a level of resistance, maybe from certain types of businesses or industries?

SH: Yeah, I mean, it’s a really good question. There’s still some resistance there. You’re gonna have your verticals, whether it’s financial, healthcare, or government agencies; they’re just going to prefer not just the security, but also the granular control that private cloud can provide outside of public cloud, and being able to choose networking and underlying infrastructure. Whereas, cloud is not going to give you that opportunity. But what we are seeing is that a lot of customers, and it used to be everything was on-premise. All your line of business applications were on-premise, whether it was QuickBooks, Sage, or any other software. Now, all of those providers have also taken the approach of offering their services as a hosted option, whether that’s through a web-based or hosted terminal server, RDS environment, or virtual desktop environment. They’re giving their customers the ability to move from on-premise and use it in the cloud. As we’ve seen our customers do that, it’s had a two-pronged approach where now they don’t have the same reluctant reliance on on-premise servers. Active Directory may not be as important anymore, especially with the advancements in Azure AD and Google Workspace.

We’ve worked with a lot of customers to eliminate servers in certain cases, move a small amount of them to the public cloud, and then start to heavily leverage things like SSO, using Azure AD or Google Workspace to fill those gaps where Active Directory used to be the only option. Now, you have multiple options available to you.

KA: Yes, certainly, certainly more options than, you know, 10, 15, 20 years ago. Bob, what are you seeing among your customer base with regard to hybrid adoption? And are there specific challenges or questions that the businesses are thinking through as part of that adoption process?

BM: Yeah, it’s widespread adoption. I think I’ve heard 82% of leaders have already embraced that model, just the latest stats I had recently. The hybrid could be a blend of public cloud services like the Azure environment for Microsoft or Amazon Web Services or Google, and that private cloud side through companies like Omega. We’re just not relying on the premise anymore, and a lot of those concerns go away.

There are certainly benefits. There’s cost and financial benefits. Going that route, especially with the flexibility. When we’re buying a server for five years of use, we’re hoping we can get that number right and not overcompensate or not have enough available and have to reinvest three years in. That Crystal Ball mentality kind of goes away, and you have a lot more flexibility with the cloud environments. That’s really great.

Of course, the biggest thing you’re still going to run into is security concerns. Now, you’ve opened it up to things outside of your local area. That’s where you really have to be keeping an eye on what kind of access controls you have, all the things that Maryne and Steve already touched on. That whole footprint she laid out, making sure you have the layers. You definitely want to make sure that you’re tightening up the security in that world.

Then, from there, it’s just having that balance and data governance, knowing that you, your vendors, and everyone you’re interacting with in and out of that world is secure.

KA: Maryne, let’s stay on security for a second, as we talk about cloud adoption. Data privacy and data residency concerns are important for certain companies. If we can assume that there’s at least some appetite out there for cloud regardless of your size or industry, what are some of the primary security questions that businesses should be asking themselves and asking of their cloud providers to ensure that they’re adopting a technology solution that meets their specific requirements?

MR: So, if they are in special verticals, I mean, the first thing is to look first at the compliance requirements. Are you under GDPR? Are you under HIPAA? Because some cloud providers will have different options, especially for HIPAA.

Some questions you should really ask are, you know, do you encrypt data at rest and in transit? What kind of level of encryption do you have? Where are the encryption keys managed? How often do you back up, and where is my data stored? Are all those backups in different countries, because different countries don’t have the same physical security or security measures in place at all? How do you isolate my data from the other clients that you have? Let’s say I don’t want to be your customer anymore. How do I erase all my data that’s on your cloud? Another question could be, what is the current uptime you have? What is the accessibility of my data? What certifications do you have for protecting my data? Are you ISO 27000 compliant, or NIST, or SOC2? What are your disaster recovery processes?

Ask for evidence, proof of certification, and evidence of security control. The business needs to do their due diligence when selecting a cloud provider and not trust everybody, anybody.

KA: There you go. You use that zero trust model with your vendor selection, too.

MR: Exactly.

KA: Um, we touched briefly on compliance earlier, but as each year passes, it seems like more and more verticals are finding themselves subject to stricter compliance obligations. Maryne, from your perspective, what are maybe some of the biggest hurdles to compliance right now?

MR: So, I just want to make it clear that compliance doesn’t equate to security, right? For example, if you follow a set of rules, you’re compliant. You’re driving down the highway and complying with traffic rules, so you’re compliant, but you’re not necessarily secure from another car with road rage. Unless you have a bulletproof window, you’re not necessarily secure. So, there is a difference between compliance and security. However, compliance would require a minimum set of security controls. Let’s start with that.

In terms of compliance: it’s going to be hard to hide from it. Regardless of business size, see, regulation is coming down to our doorstep. You can see it with data privacy laws. California already has their CCPA, New York PA has just passed in the Senate. So, you know that it’s coming.

We also touched on not being so reactive, but more proactive and having more continuous vulnerability checks. So, the biggest hurdle we see, and when I conduct assessments, I ask, where is your sensitive data? And I think the biggest hurdle is to find out where it is because now, as you mentioned earlier, we are on-prem. It’s on the end-user device. It’s on the mobile device, the cloud, the SaaS application, it’s in cloud storage like Dropbox. We don’t know exactly where the sensitive information is. So, that’s hurdle number one, to find out where it is, and we have scanners for that. Who has access to it? How do you control that access? Because now it’s not AD, user-controlled. How do you control that access? How do you review the accounts? Where are your gaps? Do you know what best practices are? Do you know what benchmarks we’re looking at? Where are your gaps? Also, you need to conduct more active risk-based analysis or due diligence and monitor it.

Policies are big. You need to have policies, you need to review them, and update them quite often, especially with all the changes that are happening in terms of compliance. And I see a lot of those cybersecurity questionnaires require evidence, screenshots. So, you have to have this in place. You have to have security controls in place so we can take screenshots of it or provide evidence of it.

There is an increase in demand for risk assessments, certification audits. So, just be prepared. Fines are expensive, or you may be unable to ensure cyber insurance is getting very expensive if you don’t have security controls in place.

KA: Yeah, absolutely. The financial cost of putting the systems in place, right, but then also, the potential cost of a breach of, you know, your premiums increasing, definitely. You know, considerations that you need to ways you go through this process.

MR: Exactly.

KA: Right, so, I want to kind of round out the conversation, and we’ll give folks an opportunity to ask questions, but maybe we can, you know, go around the horn, so to speak, and talk about some key takeaways. Give people, you know, a healthy piece of advice to take with them. So, given the state of where we are today, you know, some of the trends that we’ve talked about today, and the millions of others that are out there. What’s maybe one piece of advice you’d each give to business and IT leaders thinking about 2024 priorities and initiatives. Steve, why don’t we come to you first?

SH: Sure. I mean, less of a per hour priority and more of just, you know, doing the due diligence with everything we touched on here. We talked about how quickly things are changing, how new products are being introduced. And so, as you’re taking those approaches and you’re bringing something new into your business, whether it’s for a gap that you have or to improve a process, it’s important to do the due diligence on them. As Maryne mentioned, right, run them through the paces from a security perspective. Are they checking the boxes that you need for your compliance possibly? Or just, you need to be able to sleep better at night. And then also, look internally. A lot of times, there are tools that maybe already have the same functionality or something similar. So, you don’t always have to reinvent the wheel and bring new technologies in.

But when you do, when you do actually make the decision to bring a new technology, and making sure that you’re checking the box is doing the due diligence, how does it interact with the other applications that you have? Are you bringing new security implications into those? And, as you know, as always, as, as a trusted partner here, we want to hear this from our customers ahead of time, rather than when they’ve already implemented it, and something, you know, is possibly already an issue. So, we love to take part in those conversations. Look at contracts, look at agreements, and try to, you know, go through that process with you.

KA: Great, that’s helpful. Bob, how about you?

BM: I’m big on investing in digital transformation, you know, prepare for that. It’s just, it’s not an option anymore. You have to adopt technologies that are going to enhance your customer experience. They’re going to help operations. They’re going to drive growth. The cloud adoption. We talked about the hybrid environment first. That’s where, if you’re not looking at cloud adoption, you’re not gonna be able to leverage AI. You’re not going to be able to increase your automation and all those, and get good data analytics to understand where your business is at, financially with your clients, and how to improve those things. I think that’s going to be the biggest thing going forward that we have to do.

KA: And, Maryne, key takeaway?

MR: Yes, as Stephen and Bob mentioned, embrace new technology, but don’t do it alone, because, you know, you have a business to run. And cybersecurity requires a different set of skills, and is changing so fast. I don’t think an engineer or even a small team engineer can keep up with the changes, it’s crazy. So, you need sophisticated tools, and you need to have them configured correctly, and you need to be able to adapt to new attacks. We’re here to help.

KA: Think pairing, proactive, agile, you know, staying, keeping pace with all of the changes, right. It’s, this is never a set-it-and-forget-it job, role, industry, right? When it comes to technology, and the way that we leverage it as businesses today, just continued refinement and evaluation sounds like the right approach.

All right, good. I want to give folks on the phone an opportunity to submit questions. If you have not done so yet, there is a Q&A box within your GoToWebinar dashboard. You can go ahead and type in any questions that you might have for our panel today and we’ll do our best to address them as well as we can.

I’ve got one here from Samuel, ‘Speaking of vulnerability management, how important is it to keep PC manufacturer drivers, BIOS software, and third-party apps up to date?’ I would assume the answer is very important, but maybe, Steve, you can kind of address keeping that stuff up to date.

SH: Yeah, no, absolutely. I mean, that’s kind of where I was getting with the frequency of those scans. If you’re doing them yearly, it’s like a hurry up and wait. You get the scans, like, ‘Okay, let’s fix all this. Right now, patch everything. Let’s make sure everything is solid.’ And then within 3 to 4 months, the whole framework, everything’s changed. There’s been a new vulnerability on multiple systems, whether it’s a Google Chrome browser or an actual error, a firewall reference, or the out-of-box management on your host servers. So, getting close to real-time visibility on those and patching them as rapidly as possible is paramount, is very important.

KA: Yeah. And I know that the third-party application patching is huge too, right? It’s not something that every MSP out there does. We saw it particularly last year with that big Adobe vulnerability and, you know, sometimes those software products are just, you know, they’re extremely vulnerable out in the wild. So, I think, you know, kind of reinforcing the third-party application patching is really important too.

SH: Absolutely.

KA: All right, let’s see. Kind of a quiet audience today guys. You obviously just touched on everything that they wanted to cover. Do you guys have questions for each other, my esteemed panel?

SH: Putting us on the spot, huh?

KA: I’m putting you on the spot, absolutely.

MR: Um, are you real, Steve? Is this really you or is this a deepfake?

KA: What’s that news? Is it Sora, the new video tool that’s floating around where you can just tell it, you know, create a video of someone in a family owner or something? And it just, that terrifies me.

MR: It does, it is. It is very hard now to tell what’s real and what’s not. People need to slow down. When dealing with emails, Zoom, or anything, you have to slow down and think. Almost be skeptical. Is it real? Doubt all the time. I have, especially about that, but doubting is this for real. You never know.

BM: It’s a zero trust mentality, right?

MR: Yeah. Exactly. Zero trust.

KA: Well, that goes to the next question that Lisa just put in here, ‘I read a story this morning about a Chinese company, where the fake CEO asked the CFO to make urgent payments to the tune of $25 million. The crazy thing is that this was done via Zoom call. How can we avoid this from happening? They faked the Zoom, participants, faces, and voices.’ So, that’s the kind of stuff now where really, really impressive technology capabilities, but really scary repercussions.

MR: Yeah, and the voice also was a deepfake, the voice. I, unfortunately, it’s like zero trust. So, I think if, I remember the story via, the person irritated a little bit, and but because everybody was in the Zoom meeting, and he had more than just to see you. And you can recognize some friends of bear that here when her head. But, unfortunately, we need to put policies in place and saying, you know, if there is a transfer of so much, you know, you need two people’s involvement. You need to check by phone. You need to, you need to have several layers of protection right there. Policies need to be in place. So, each time now we have a night, I’m pleased the handbook needs to be updated and, and test your, your, your staff. I would do a social engineering, you know, send somebody to do social engineering to your business and see how everybody is faring. In fact,

BM: I can’t echo the policy statement enough, you know? Everything we do with technology starts with an actual policy. And it doesn’t have to be, use this tool or use this software. It’s as simple as, if there’s a request for transfer over a certain amount of money. Stop. You have to get verification from two people. If you get a call from somebody, and you’re not sure, tell them you want to call them back and call a number that you know, they’re supposed to be able to confirm it. All those little things, that hasn’t changed. And now you have the ability to create a video, or have somebody live on a Zoom call, has changed, but those policies we’ve seen, I can guarantee Maryne, Steve, everybody here. We all have those horror stories because we have clients that have fallen for those things in the past. Sent half a million or more out the window, especially with what we’d like to call the CEO exception. Well, it was the CEO and he was in a hurry. He was traveling. So, we just skipped all that. You have to just take a minute, breathe in, and follow that right Policies.

SH: Maryne touched on how important it is to train the staff, right, and to arm them, and to educate them. The likelihood of you falling for something the first time you see it is a lot higher than if it’s the fifth or sixth time you see it, even if those are simulated and, and ultimately fake, it’s fake. Attacks are fake versions that are, you know, for, for education purposes. But just getting that into SA into someone’s memory that this, this is out there. This is, this is can possibly happen and seeing how they react to it, you’d, rather than make that one time on the, the, the fake, you know, the dirty, the attempt that you’re doing internally, and that you ever control that, you’re controlling, rather than it be the live environment where it could cost the business.

KA: Feel like, it’s like the, you know, if it feels too good to be true. It probably is good. It’s a good methodology to follow. Alright. Well, it looks like this is a good place to wrap things up. I’m sure we’ve only scratched the surface in terms of 2024 technology trends. So, I certainly encourage folks who’ve joined us today to reach out with additional thoughts and questions that we can help address over time.

As a reminder, everyone who joined today will receive a copy of the slide deck, as well as the full recording. So, if you want to revisit this content in the future, you can absolutely do so. Keep an eye out in your inboxes for all that information tomorrow afternoon.

Wanna go ahead and thank my panel of colleagues. Bob, Steve, Maryne. Thank you all for sharing your insights and perspectives today, and, as always, thank you to our attendees for joining. We hope we will see everyone again real soon.

Thank you.
