The COVID pandemic isn’t over. We’re still seeing continual disruption in the workforce with states all over our country going in and out of lockdowns. Ransomware attacks have increased. Remote work teams are continually disrupted and security perimeters are being tested. CIOs and CISOs are continually adjusting their short and long term plans.
So what are we going to see this year?
- Ransomware: Volume, Velocity and Sophistication.
Cybercriminals are opportunists and we can determine that by the sheer volume of COVID themed attacks being reported by the Australian Cybersecurity Centre.
Businesses, schools, and healthcare organisations struggling to cope with the pandemic could ill afford to have their systems off-line due to a ransomware attack, and attackers know they are consequently more likely to pay. According to a recent RSA report, 27% of ransomware victims paid a ransom fee in the previous 12 months, paying on average $1.1 million.
Attackers have shifted tactics recently to raise the stakes for their victims, by improving the implementation of their encryption bribes and making them harder to crack. Rather than simply encrypt critical data, some criminals now steal sensitive data and threaten to release it if the ransom is not paid. Some cybercriminal groups are now conducting ransom-based distributed denial-of-service (DDoS) attacks. The attackers threaten to disrupt a targeted victim’s network with a DDoS attack if a ransom is not paid, sometimes in sync with a “teaser” attack that causes minor disruption.
Cybercriminals will continue applying ransomware to the most profitable “line of business” in 2021. That makes it critical for CISOs to ensure they follow have complete visibility over their cybersecurity and ransomware platforms in the coming year.
- The expanding responsibilities of the CISO
COVID has raised the profile for security and the CISO is taking a seat at the leadership table. The sheer volume and threat of attacks have hit the executive leadership teams and now they are looking to CISOs to develop a comprehensive and visible response plan. A greater attack volume, especially for ransomware, has caught the attention of CEOs, CFOs and boards of directors, and they are looking to CISOs to respond. Additionally, the sudden need to safely support scores of remote workers has raised concerns over the vulnerability of systems and data.
The most successful CISOs have always determined that the security function needs to have a comprehensive strategy that is backed up by complete visibility, and transparency.
Based off our experience, the best CISOs are good at the technical aspects of cybersecurity, but they are focused on operational excellence, visibility and business integration.
That means going beyond talking about threats and mitigations and explaining how security enables the business as a partner and vital to operations.
Successful partnering requires good communication. CISOs need to be able to speak about cybersecurity matters at different levels of the business and show success through stories, dashboards and continual reporting.
- Reassess security perimeter
How do you protect all your endpoints if they can be anywhere, and perhaps enabled by a savvy employee with a company credit card?
Many, if not most, of the newly remote endpoints that security teams suddenly had to protect in COVID's work-from-home shift will become permanent. These include newly appointed SaaS applications that help with remote working such as Slack or Dropbox.
The pandemic has also spurred companies to start or accelerate digital transformation projects, which most significantly means moving more systems to the cloud. That, too, requires a rethinking of the security perimeter.
To cope with these permanent changes, enhanced threats and expanding threat surface, companies are looking at several technologies to pilot or implement in 2021, according to IDG’s Security Priorities Study. Respondents say they will either evaluate or invest in these technologies for 2021:
- Zero trust(40%)
- Deception technology (32%)
- Authentication solutions (32%)
- Access controls (27%)
- Application monitoring (25%)
- Cloud-based security services (22%)
- 4. Security talent demand goes up
As security leaders adapt to the long-term changes brought on by the pandemic, many will likely want to add staff or change the make-up of their security teams. With an already tight pool of prospect employees; hiring security talent is bound to get tougher in 2021.
One option is to consider remote security workers or outsourcing. Many organisations have resisted hiring remote security professionals or consultants, but the pandemic has proved to many that not all security talent needs to be on premises. This frees businesses to focus on their core priorities and leave the cybersecurity to experts.
The first step, however, is to train non-security people on how to approach the cybersecurity of their particular department. IT, finance, and business operations staff are among the most viable employees for retraining and have the highest rate of transitioning to cybersecurity or following best practise. Each has domain knowledge, such as networking systems, financial transactions, and business processes, that would enhance any security skills they learn.
For greater visibility and control over your cybersecurity risk profile, we partner with RSA® Archer®. The RSA® Archer® GRC Platform supports business-level management of enterprise governance, risk and compliance (GRC). As the foundation for all RSA Archer GRC solutions, the Platform allows you to adapt a broad range of solutions to your requirements, build new business processes, and integrate with external systems without touching a single line of code. RSA Archer’s flexible strategy has won over some of the most demanding Fortune 500 companies.