Cybersecurity Trends Shaping the Software Industry
News, insights and updates from the team at Bloom Equity Partners
Happy Friday technology investors, operators, and enthusiasts.
We’re here again with The Bi-Weekly Bloom – one of the best resources for Private Equity, Enterprise Software, and Technology news. In each edition, we delve into:
PE Interest in Technology
Our team’s favorite articles and podcasts from last week
Insightful tweets from fellow investors and operators
From high-profile ransomware attacks to significant data breaches, software providers must stay vigilant regarding cybersecurity. All it takes is a set of breached credentials, human error from an end-user, or a cloud misconfiguration to prove disastrous – and costly.
Even when organizations implement robust security protocols, cybercriminals and hackers still find ways to infiltrate networks, steal personal and business data, disrupt operations, and ruin reputations. Data breaches reached a record high in 2023 – over 10,000 confirmed – and according to Statista’s Market Insights estimates, the global cost of cybercrime is expected to rise from $9.22 trillion in 2024 to $13.82 trillion by 2028.
The software industry is a driving force of digital transformation. However, as software continues to permeate our lives, cybercriminals are devising more sophisticated methods to exploit vulnerabilities.
To protect your business, you must adjust your approach to software development and adopt new technologies and methods. The adoption of AI will also have an impact on potential vulnerabilities in code. Here are some essential cybersecurity trends expected to impact the software industry in 2024.
Ransomware Continues to Evolve
While ransomware isn’t a new threat – it’s been around for about 20 years – it remains a dominant force, targeting every industry.
One-third of all breaches in 2023 involved ransomware or some other extortion technique. For companies that fell victim to these attacks, the most common consequences were network downtime (44%), data loss (42%) and brand/reputation damage (39%).
Attacks are expected to rise in volume and sophistication, making ransomware threats harder to detect and identify.
Supply-Chain and MFT Attacks on the Rise
Technology advancements enable supply chains to move faster and more efficiently. However, this also results in vulnerabilities and breaches. Cybercriminals target supply chains to compromise the integrity of products and services. These attacks affect not only the company but also its customers.
Third-party relationships are often the weakest link in the supply chain due to third-party access to organizational systems and vendor data storage.
The most significant supply chain threat for software providers is in managed file transfer solutions, which enable the exchange of sensitive information, including software. Breaching a file transfer point on the Internet is much easier than breaching a corporate network perimeter.
AI from Both Sides
Artificial intelligence is becoming a double-edged sword for the software industry. Companies must embrace AI to remain competitive in the marketplace, and AI-powered tools are also crucial for threat detection.
Unfortunately, cybercriminals are leveraging AI to develop more targeted and evasive tactics and identify weaknesses in security systems. Hackers craft AI-generated phishing emails with higher open rates and create realistic and convincing deepfake video and audio messages.
With the rise of generative AI, threats are expected to grow even more sophisticated throughout 2024, and the best way to fight back may be through AI itself. While AI in cybersecurity is in the early stages and evolving rapidly, software companies must embrace AI development practices to stay ahead of the criminals.
AI-developed code could also have some unforeseen vulnerabilities that are not yet fully understood. While utilizing AI-developed code enables faster scale and efficiency, it should be used cautiously and judiciously.
Cloud Technology Vulnerabilities Create Risks
The cloud has become a default technology for most infrastructures. If your product isn’t entirely in the cloud, you probably use the cloud for at least part of your processes. However, cloud advantages like fast time to market, convenience of use and cost reduction come with their own cybersecurity risks.
In a cloud environment, cybersecurity responsibilities are divided between a cloud service provider and clients, which creates multiple entry points for malicious actors.
Cloud vulnerabilities include:
Security misconfigurations
Weak access environment
Unprotected APIs
Susceptibility to DoS attacks
Account hijacking
Weak or absent cryptography
Shared technology vulnerabilities
As organizations rely on cloud services, ensuring robust security becomes paramount for data storage and operations. Continuous monitoring and updates are essential to mitigate risks and safeguard confidential data stored in the cloud.
Rising Usage of IoT Devices
IoT devices facilitate complex business processes and improve connectivity worldwide. They have seen tremendous growth in adoption and integration into security networks, which will continue in 2024—the number of IoT devices is estimated to increase from 15.14 billion in 2023 to 17.8 billion in 2024.
The substantial growth of the IoT market comes with cybersecurity risks, especially with the increasing usage of edge computing devices and cloud ecosystems.
These devices often lack sufficient security capabilities, making them susceptible to exploitation by malicious actors. Once devices are compromised, attackers can use them to initiate extensive DDoS assaults or breach home networks.
Zero Trust Becomes Mandatory
The traditional perimeter-based security model is no longer an effective barrier to protect against attacks. More companies, including software developers, are adopting a "zero trust" approach, where every user and device is constantly authenticated. Software development must integrate zero trust principles to ensure secure access control throughout the software lifecycle.
Human Error is a Strong Threat
Human error remains a significant threat for businesses – almost 70% of data breaches in 2023 were caused by employees. Software companies can lower the risks of attacks and limit business disruption by prioritizing employee security awareness training and fostering a security-conscious work environment.
Cybersecurity Skills Gap Grows
Professionals who can implement security features are scarce, even as the need for more security features to protect networks, systems, and software grows. Cybersecurity Ventures estimates that the number of unfilled cybersecurity job openings will be 3.5 million by 2025. The lack of security professionals (and IT workers in general) has led to increased workloads, ineffective usage of cybersecurity tools and over-reliance on technology.
About Bloom Equity Partners
We’re big fans of mission-critical enterprise software, technology and tech-enabled business service companies with a competitive moat and a loyal, diversified, and growing customer base. Whether the business is bootstrapped, VC-backed, or a division of a larger organization, Bloom is completely agnostic to the structure. We are actively seeking investment opportunities that fall within the criteria below. We welcome the opportunity to discuss potential investments with founders, operating executives and intermediaries.
Our Investment Criteria
Industry: Enterprise Software, Technology and Tech-Enabled Business Services
Geography: North America, Europe, Australia and New Zealand
Revenue: $5M - $50M (>70% recurring)
Growth: 5%+ annual revenue growth
Retention: >80% gross annual customer retention
Profitability: Positive EBITDA or near breakeven within twelve months
Investment Type: Operational control required
If you or someone you know is considering selling or investing in their business, we would love to learn more! Check out our referral partner program, which compensates referrers for introductions that lead to affirmative outcomes.
What We’re Reading and Listening To…
How AI is Revolutionizing B2B SaaS: Driving Growth, Saving Time, and Boosting Your Bottom Line
Can SaaS Selling Be Automated? As Long As It’s Personal
API security IS A THING. Thanks for reviewing.