<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
search
close

CEO insights: 3 trends for 2021's cybersecurity

by Sebastiaan Bosman Blog 3 Feb 2021

The year 2020 has brought us many different events and experiences, all with varying levels of impact. Physical events have impacted the digital world, and cybersecurity incidents have had their effect on the way we live. Remember the Citrix incident early this year? That prohibited many from working remotely, resulting in massive rush hours traffic jams as everyone travelled to the office. Almost the exact opposite of what COVID-19 has done to our way of working.

But what does this mean for 2021's cybersecurity? And what evolving threats should you prepare for? Three cybersecurity CEOs share their views, predictions, and tips. 

C-3EO: Human-cybersecurity relations

The three cybersecurity experts sat down for a virtual fireside chat on Thursday 28 January. The discussion is available on-demand here.

Mark Arena from Intel471, Kristofer Mansson from Silobreaker, and Pieter Jansen from Cybersprint. Between the three of them, they have different specialist perspectives on the cybersecurity space, both from personal experience as well through the services their organisations provide.

Looking back at 2020, they discern a few developments which mark changes in the way organisations operate, how threat actors operate, and how IT security teams operate.

Growing Supply chain risks

For example, Pieter discusses the incidents with Citrix and the more recent SolarWinds software vulnerabilities, and how they are exploited by (nation state) actors. It shows how many different types of organisations have been depending on third-party services and software. This is not a bad thing in itself, of course. However, it can become troublesome when this supplier is compromised, making all of their connected organisations vulnerable as well.

It has become more evident that threat actors are starting to attack organisations via their supply chain. The risk of a directly targeted phishing attack has started to make way for third-party risks.

As Mark and Pieter elaborate: “Supply chain attacks have grown,” says Mark. “SolarWinds has brought it front and centre to western organisations.” “And this will happen again,” says Pieter. “Probably within the next six months with another company.”

Luckily, there are constructive lessons to be learnt as well. “As we get more of these ‘drills’, we get better at responding,“ Pieter says. “The response plans are becoming more standardised. But the biggest takeaway of the SolarWinds case will probably be the acceleration of related regulations”.

Knowing the impact

The three cybersecurity companies all have one returning question to answer for their clients: “Does event X have an impact on my organisation?” As Kristofer explains: “When we look across the customer base, we see a multi-dimensional and complex picture. One dimension stakeholders want to know about is impact. ‘Is this a direct threat targeted at us? Or an associated, industry, or global threat?’ CTI teams are trying to provide intelligence on the different threat types.”

To do that, IT security teams are changing the way they operate. As Mark explains: “The question we all need to be asking ourselves is: ‘How do we get our organisations to move past compliance-based conversations, and move it to an intelligence or risk-based strategy?’”

The road to these changes is already being paved. The end-destination will always be changing, but the tools we use to get there are more important. “I think there is just too much work to be done manually,” concludes Pieter. “Automation is the key to solving many of these problems. Start with your top 5 suppliers. You know them, you can easily call them.” After that, using the right solutions to automatically provide you with the intelligence and risk information needed is vital.

Eternal Christmas

Mark, Kristofer and Pieter have shared many more insights than crammed into this blog. Mark talks about the growing threat of ransomware, and if we will see the first hundred million-dollar ransom being paid. Kristofer shares how the California wildfires, BLM protests, and other physical events make cybercriminals change tactics. And Pieter discusses how the global pandemic brought an eternal Christmas for packaging and shipping companies, who now have become a much bigger target.

For their complete analyses, click the button below to watch the full-length chat.

Watch the chat >

Digital Footprint compared to 5 security technologies

In this blog, we'll cover our Digital Footprint approach compared to five existing security approaches. What methods do they share? And where do they complement each other? We'll have a look at these techniques:  1. Asset discovery 2. Vulnerability management 3. Penetration testing 4. Red teaming 5. Supplier security governance Each has some touch points with Digital Footprint. For this comparison, we build on our earlier explanations of the concept. In the first blog, we gave our definition and summarised what drives the need for the solution. You can read our second blog to see how Digital Footprint is positioned with regards to External Threat Intelligence.

read more

Digital Footprint in External Threat Intelligence

Every IT Security team needs access to some sort of Threat Intelligence (TI). It is an umbrella term for the collection of information and data on security risks and the threat actors behind them. Together, this information helps to prevent or limit incoming threats, and provides insights when mitigating an incident or event in Incident Response scenarios. As a deepening of the topic, External Threat Intelligence (ETI) mainly focusses on the combination of internal risk data with threat intelligence originating from outside of the organisation.

read more

CEO insights: 3 trends for 2021's cybersecurity

The year 2020 has brought us many different events and experiences, all with varying levels of impact. Physical events have impacted the digital world, and cybersecurity incidents have had their effect on the way we live. Remember the Citrix incident early this year? That prohibited many from working remotely, resulting in massive rush hours traffic jams as everyone travelled to the office. Almost the exact opposite of what COVID-19 has done to our way of working. But what does this mean for 2021's cybersecurity? And what evolving threats should you prepare for? Three cybersecurity CEOs share their views, predictions, and tips. 

read more

Do you have a question?

Our experts have the answers

Contact us