
Three notes for the CISO looking ahead to 2021

  • January 21, 2021
  • Industry view from Singtel

2020 brought major changes to how we live and work. And as we look forward to the new year – and what we hope is an approaching return to normalcy – there are three core things security leaders should be focusing on.

The continuation of remote working

The abrupt shift to remote work earlier this year left many organisations enacting what amounted to a three-year digital transformation plan in a matter of months. “Organisations figured out how to survive the initial shock, but it’s time now to start preparing for the future,” says Mark Whitehead, Global Vice President of Trustwave.

One of the biggest ongoing challenges – and one that is frequently overlooked – is the skillset suitability of IT teams working to support the newly established environments. “The core part of digital transformation, from a business perspective, is cloud adoption because it provides agility and flexibility,” says Derek Taylor, Lead Principal Security Consultant at Trustwave.

“Traditional IT skills don’t directly map to cloud-related skills, specifically within security, so there’s definitely a need for upskilling and technical training,” says Ed Williams, Director of SpiderLabs EMEA. “Typically, if you did something internally that was unsecure, the impact was small and contained; now, if it’s hosted in the cloud, the impact could be massive and widespread. Moving into next year, we’ll likely see a number of businesses investing in technical training for the cloud.”

Cyber-crime-as-a-service

Europol’s Internet Organised Crime Threat Assessment (IOCTA) 2020 highlights cyber-crime-as-a-service (CaaS) as being increasingly leveraged by technically unsophisticated criminals. Offerings such as malware coding or distribution are created and sold by developers or consultants. This shift, IOCTA notes, highlights the increased professionalisation of the cyber-crime landscape.

“Cyber-criminals are getting much slicker and more professional and are truly organised at the people level,” Williams explains. “They’re taking data out as well as encrypting all the hard drives and then threatening to sell the data they’ve extracted online. They’re becoming more pernicious and have evolved to the next stage, and this is something that’s likely to continue to evolve.”

Ransomware-as-a-service – provided by cyber-criminals to non-tech-savvy criminals – is proving similarly popular. Europol considers that ransomware will become one of the main threats in the virtual world in 2021. The increasingly businesslike nature of ransomware attackers shows in their online public relations stunts – some even conduct their own information campaigns to advance their goals.

Ransomware has proven to be a significant threat, targeting supply chains and third-party service providers, for example. According to a Ponemon Institute survey, more than half of companies experienced a cyber-security breach that originated from a vendor in their supply chain. This number can be expected to keep increasing as more organisations accelerate their digital transformation timelines in response to changes in the work environment that are likely to continue into next year.

Economic and business implications

The long-term impact of the pandemic on the world’s economy may result in any number of scenarios, all of which will require cyber-security professionals to remain alert and at the ready.

Some experts predict an increase in mergers and acquisitions as struggling enterprises join forces to stay afloat. It’s easy to overlook the significant impact cyber-security can have in these types of transactions. However, if you’re a CISO whose organisation is considering acquisitions in 2021, it is vital that you make a thorough assessment of the target’s systems and security protocols.

Don’t assume a company is doing all the right things when it comes to cyber-security: even the most tech-savvy company may be leaving itself exposed in some way. Once a deal has closed, the acquiring company becomes responsible for any newly acquired cyber-risk, a hard lesson learned by Marriott in 2018, when it failed to address the significant cyber risks of Starwood.

For the acquisition target, on the other hand, ensuring your business already has these systems in place can help you become an even more attractive target simply by demonstrating strong cyber-security performance.

Some analysts predict we could be entering another “roaring 20s”, similar to the economic boom that followed the 1919 Spanish Flu pandemic. In this scenario, organisations will be racing to generate money before their competitors. This year, pandemic-driven cost-consciousness has left gaps in companies’ security postures. “It is imperative businesses don’t get overly optimistic next year and again risk leaving security investments behind,” says Taylor.

The plethora of challenges and changes we’re likely to face in 2021 are now engrained in the “new normal”. The three areas discussed are the ones to watch as we optimistically look ahead to next year. Trustwave remains your ally and advocate for any cyber-security concerns you might encounter, now and in the future.

 


 

by Ed Williams, Director, SpiderLabs EMEA at Trustwave


Copyright Lyonsdown Limited 2020
