From COVID-19, to the massive breaches experienced by FireEye and SolarWinds, last year we saw an increase in phishing, ransomware, malware, and most recently hyper targeted nation-state attacks. As cybercriminals increase in sophistication, we cannot always prevent these attacks, but there are tangible steps we can take to protect ourselves and the organizations we work for.
While we know predicting the future can be futile, being prepared isn’t. There are many tangible steps you can take to not end up front-page news. Keep reading to see what some of our executives think we have in store for 2021 in the world of cybersecurity.
Caroline Wong, Chief Strategy Officer at Cobalt
In 2021, 2 out of 3 cyber attacks that happen will not be detectable by machines alone. Humans will continue to be an integral part of cybersecurity and continue to influence and impact the quality of cyber programs at companies large and small alike.
2021 will be the year the industry solves the unsolvable. Advances in technology will present solutions to problems that security professionals had previously given up on.
For example: Cobalt! Organizations had largely "given up" on pentesting because it was too expensive and too complicated to procure and manage. Organizations began to accept that they simply could not pentest software as broadly (pentest many applications) or as frequently (pentest applications more often) as they ideally would like to do in order to manage risk. Similarly, sensitive data in big data platforms is often stored "in the clear" because to encrypt it would cause unacceptable damage to performance times for queries. 2021 will be the year when solutions to this "given-up-on" problem emerge.
Ray Espinoza - CISO at Cobalt
Ransomware will continue to rise in unprecedented volume and sophistication because it continues to be a lucrative attack for cyber criminals. It’s not a matter of will your company be affected but when. CISOs must proactively think about what’s at risk and how they can decrease that risk. Vulnerability management programs are critical for organizations to be able to discover the flaws in their infrastructure. It is only then that security leaders can partner with stakeholder teams to align on risk and drive remediation or mitigation to lower the chance a ransomware event impacts the business.
Cloud configuration will still remain as a top threat vector in 2021. Though new solutions and service offerings become available each year, many companies are slow to adopt and are unaware of misconfigured cloud services. Palo Alto Networks' Cloud Threat Report recently highlighted that many companies are still not fully aware of how to properly secure things like IAM, which can be catastrophic. While cloud providers like AWS provide basic security guidance, utilizing newer offers requires a deeper level of understanding to implement securely.
Alex Jones - Infosec Manager at Cobalt
Cybercriminals will continue to target health care organizations for sensitive vaccine and healthcare data. With rapid expansion of healthcare technology, temperature/thermal screening, contact tracing apps/data and clinical trials/vaccination data, COVID has created massive new high-risk data sets and attack scenarios.
Phishing and spear phishing will continue in 2021, and is likely to be a leading attack vector. Cybercriminals are still making millions of dollars on these scams, and as long as it stays profitable, business email compromise will remain a major issue. Developing a comprehensive, inclusive and fun security awareness program is critical to helping businesses manage and mitigate risk to end users.
Ransomware will continue to plague organizations, mainly because of bad security hygiene and the fact that organizations are still paying ransoms, which incentivizes cybercriminals to keep pushing ransomware attacks. Internet-exposed assets are continually being scanned by ransomware attack groups, and companies that lack robust patching and vulnerability management programs will have increased exposure. Unfortunately, this has even resulted in deaths, where hospitals are severely impacted by ransomware, leading to real-world impact on patients’ health.
Addressing these threats and building your team's resilience can be a complex undertaking. To help security professionals learn actionable steps from seasoned industry leaders, we've organized our latest virtual conference, SecTalks: Lead with GRIT. We'll be discussing these points and more with speakers from Oracle, Akamai Technologies, Carrier, Axel Springer, the list goes on. Reserve your spot!