
This blog post offers cybersecurity predictions for 2021, emphasizing the evolving threat landscape and the need for continuous improvement.

 

 

 

 

Here is the verbatim discussion:
But remember that every time you do this, it's, it's, it's different. It changes. The people are different. You think, "Well, we all did this and we were great," but yeah, that was a year ago, that was two years ago. Now the CFO is different, the CISO is different, the CIO is different, so you're doing the, sometimes you do the same thing with a different group of people, because it may even be the same exercise. I would update it, hopefully, but you remember that, that the organization is always changing, the world is always changing. You know, if we didn't exercise today because should be very different than what we would have done one year ago before COVID hit, you know, so hard. The reality is, is that everything, it's, it's a moving target. Um, you're never done, but I would celebrate success when, you know, you accomplish something. You know, have a party if you will, no, enjoy it. You know, you accomplish something, move on, um, and, uh, and know that you're gonna constantly be, hopefully, improving. It's not like a destination, it's a journey, and, and so you want to constantly improve in, in your approach to dealing with cyber threats.

Yes, that's a very important thing that you mentioned: it's not destination, it's a journey. So, so Dan, um, in, in 2021, what, what are some of the things which you think as, as cyber security professionals we should look out for, which could be some interesting technologies, which could be some, some interesting trends, anything that the cyber security professionals should look at, vote for in 2021?

Yeah, thanks for asking. I, every year I do a, a top 21 or top whatever the number is. This is 2021, so 21; last year it was 20 for, 20 for 2020. Um, I do the top, um, predictions from all the security vendors in the industry. So you go to Lohrmann on, on Cyber Security, Lohr MN, Lohrmann on Cyber Security, and you'll see this list. I do it, I've done it annually for, um, about a decade now, and it's not my predictions, but it's what all the top vendors were saying. So, you know, certainly a lot of, of experts are pointing to ransomware getting, you know, evolving, getting more complex, um, you know, changing, where, you know, a lot of times they're stealing the data before they encrypt it, so, um, they're hitting you twice, and if you don't pay they, they threaten to release your data. Um, ransomware is a big one. Working from home, Bikash, has changed so much. You know, threats are just coming in organizations in so many different ways. People a lot of times use home computer equipment, maybe home routers, um, even some of the technical difficulties we've had today. See, it's challenging when people aren't in the office. So, you know, looking at their whole digital transformation, which is really occurring at lightning speed: the good news is there's a lot of really positive things happening; the bad news is there's also more risks that are being introduced into business processes because people are working from home. So a lot of the vendors are pointing to different things, like they're saying your home network is, is, is like headquarters for the hackers, and, you know, some very entertaining examples in that, in that blog that people can go to and read about. We can post the blog if people want to know that. Um, but artificial intelligence is certainly, and machine learning, is becoming more and more central, um, and it's being used against organizations, so you need to be thinking hard about, you know, how are you going to automate a lot of your processes. Um, that's a, a big area. And then one more I'll mention, uh, movement to the cloud. I mean, so much is moving to cloud. Um, you know, cloud security, oh excuse me, cloud platforms, and the cloud security is becoming so important. Um, a lot of people say this in the US, you know, "Hey, I'm moving all my data to the cloud, I'm moving all my processes to the cloud. You know, Google does it better than we do, or Microsoft does it better than we do, or AWS, um, Amazon Web Services, does it better than we do." So, but what they, what they miss, Bikash, is that you're still responsible for that end-to-end security. Even if you got an AWS server, maybe they've got a great data center, maybe they've got security practices, but your people are still administering that, or you're still running that business process, or you're still running that end-to-end security for your customers and your clients. So you can't just say, "Well, I'm just outsourcing it all to Microsoft or AWS." So really, uh, cloud security is becoming even more important, and, and really something that organizations need to really take a look at, what is their processes. Is, uh, one word, you know, a term that we use a lot in the US is SASE, S-A-S-E, um, not, not sassy like S-A-S-S-Y. In the US is like, you know, it's S-A, uh, SASE. Um, look it up, read about it. It's certainly a hot, a hot area for a lot of people: SASE and, uh, zero trust.

Correct. So, so interestingly, what you mentioned, and, and, and I fully agree with you, the, the attack surface all of a sudden has changed so dramatically for organizations, yeah, that today people actually don't know of all the assets they have. They don't know the attack surface, and, and it's continuously changing. Even the home, uh, router, the system which end user is using from home, these are all now part of the extended attack surface, right? Then you have the cloud, and teams are creating new cloud assets, and cloud, interestingly, scales everything: it scales security, it can also scale insecurity, both together. So I, I'm a big believer of cloud, and I believe that cloud in the long run is going to create a much more safer world if done right, and I, I am kind of very confident that we will do it right as an industry, because, because there is business in there. So if there is a business driver, it will get done right. So, uh, but in the interim, this time is very vulnerable, because a lot of time people who are just moving to the cloud are not aware of the configurations, uh, the way it should be done. A lot of people are not aware of MongoDB having default, the default kind of configuration is insecure. So like, uh, since we monitor the kind of overall internet, I, I, I recall, I guess there, there's around half a million open databases out there right now, yeah, which is quite crazy. People just did not configure it right, and these are all just out there, open. So, so these are some very interesting new challenges. But on top of it, I, I, I would love to probably add one thing, which is one of the biggest challenge which we as the industry face, is that when it comes to security there are just too many things that we need. Every vendor is going to come and say, "You know what, you need this, you need that," and none of these talks to each other. So there is a need for consolidation of cyber security. And how could that consolidation happen? It could happen probably in many ways, uh, but one or a few interesting trends which, which are out there, which could probably shape the future: one is zero trust, which is a, in other words, is a kind of consolidation, right? I mean, you eliminate a lot of things and put everything into a single place.
 

Highlights

Ransomware: Growing complexity, with data exfiltration before encryption.

Work-from-home threats: Increased attack vectors due to remote work environments.

Digital transformation risks: Security challenges accompanying the rapid shift to digital processes.

Artificial intelligence and machine learning: Increased use by attackers, requiring automation of security processes.

Cloud security: Critical as more data and processes migrate to the cloud.

Shared responsibility model in cloud: Organizations remain accountable for security even with cloud-based services (SaaS).

Zero trust security: A potential consolidation approach to manage the growing number of security solutions.

 

The discussion emphasizes the evolving cybersecurity landscape and the importance of adapting security strategies to address new threats and challenges. It highlights the need for consolidation within the cybersecurity industry to simplify security solutions.

 

Speakers:

Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.


https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited with several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents with the USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

 

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

 

 
 
 