Illusive Blog December 28, 2020

CISOs Share 2021 Predictions for Cybersecurity

By Jason Silberman

Thankfully, 2020 is on the way out. What are CISOs saying about what’s to come in 2021? From targeted ransomware, insider threats, cloud security, lateral movement, and remote work, to the importance of good cyber hygiene and credential management, there are A LOT of challenges to be dealt with. So we brought together CISOs to hear their thoughts and 2021 predictions for cybersecurity. 

We recently hosted a roundtable of information security leaders including Arlan McMillan, Chief Security Officer of Kirkland & Ellis LLP; Karl Mattson, Chief Information Security Officer of PennyMac; Cooper Wilson, Director of Global Cyber Security of Darling Ingredients; and Ofer Israeli, CEO and Founder of Illusive Networks, who moderated the discussion.

The discussion took place during the first half of December, just as we were learning about the initial reports of a cyberattack against FireEye. It’s therefore both noteworthy and impressive that many of the insights and predictions shared by the panelists ring true as we learn more about the attacks.

I encourage you to view the full discussion on-demand at your convenience. In addition to the predictions for 2021, other topics discussed include targeted ransomware, malicious insider threats, 3rd-party risk, and more.

2021 Predictions for Cybersecurity


Prepare now to close gaps

Karl Mattson, Chief Information Security Officer of PennyMac, encouraged security teams to use the end of the year to make sure structures are in place for the year ahead. “Some short-term strategies like aggressive active defense, looking at basic privilege account management lockdown, are a couple of things that we are going to put in place just after the new year in order to close gaps. What I’m trying to paint for the organization is that while we may psychologically feel that, oh 2020 is finally over, this big surge of change is over, but be careful. Don’t underestimate 2021.”  

Arlan McMillan, Chief Security Officer of Kirkland & Ellis LLP – “One of the things I love about security and technology is that it’s constantly changing…and we are seeing an acceleration of that change, not only in technology and how businesses work, but also how the bad guys are coming after us. If you’re not comfortable with change and agile thinking? Wrong job. I only see that accelerating.  

“What do I see in 2021? More. More, more and more of everything. [In 2020] we saw the shift from work to home. We saw organizations that weren’t prepared, they didn’t have the groundwork already set, and they struggled. They had to poke holes in their security fabric. We all know some of the most permanent things in IT were once called temporary. So those organizations will likely be living with those holes for a while. I think we will see more breaches of those types of organizations. We just saw with FireEye, even strong organizations can get breached. The takeaway is you have to work hard now so you are better prepared for tomorrow.”  

Ransomware gets personal

Cooper Wilson, Director of Global Cyber Security of Darling Ingredients – “From a people perspective, expect for it to become more personal. From a technology perspective, expect it to move to the latest. What I mean by that is we hear about APIs, or Cloud. But how many shared keys are sitting on text files, notebooks, and Outlook notepads? How many things are out there that you’re just not looking for, that you will be looking for in 2021, cause they will be the quickest ways to make some money? 

“We talked about ransomware. One of the things that really shocked me was a couple of months ago the US Government saying, ‘don’t pay ransomware, and if you do, and if it’s to one of a list of sanctioned countries, we’ll come after you’. Well there went an entire section of my toolbox…so I think we’re going to see more confusion around it, because ransomware by itself I think in a couple of months this year made more money than oil.

“I think where there’s money, there’s going to be more. Where there’s more, it’s going to become whatever is the quickest and easiest to get in and get out, and as ransomware is a business and it’s going to become personal and it’s going to focus on things that get them there the quickest. So you have to have an outward-facing strategy of fixing what you know is broken. On the other side, you have to back away from the table and start asking questions about things we don’t know. If you asked your team, how would you attack us, I think you’ll find more open doors than you knew existed. Be ready for the next flex. One thing that [cyberattackers] have shown us this year is that they have been agile. 

“My last prediction is that the attackers will be no longer competing, but working together. What does that mean? In January, if we had a vulnerability on an external site and it got breached, we would patch it to keep the other guys out. Today, [attacker groups] are selling things to each other.”

The use of AI and ML in ransomware

Arlan McMillan – “In terms of predictions, I’m waiting for bad guys to really use AI and machine learning to dynamically attack organizations. So put your tools against the organization constantly, take the people aspect out of the attackers, and use AI and ML to breach organizations, I think that’s going to be an interesting wave coming up.”

Relying only on patching and IoC updates is not enough

Asked about advice in the context of recent cyberattacks, Karl Mattson said relying only on patch updates and IoC updates is not enough, and advocated for a strong, active defense strategy. “The rest of the security vendors now have to update IoCs…We should be thinking to ourselves, if we’re reliant on that, we’re in trouble. If we’re thinking about active defense strategies, they aren’t reliant on IoCs. The degree to which we can protect our networks, if we are dependent on patch cycles, IoC update cycles, the more reliant we are on those things, the more likely we are to fail. That’s where I think active defense and deception really plays a pivotal role, because it doesn’t make me dependent on the vendor for updates. That’s a big differentiator in terms of the effectiveness of controls that we can put in place.”

We at Illusive share with you our best wishes for a better year ahead, a safe, secure and healthy 2021! 

Here are other sources for keeping up to date on cyberthreats: