Experts discuss the threat landscape in 2021 and beyond

There is one group of professionals that clearly didn’t turn to bread-making to while away the hours during the lockdowns last year. Cyber criminals were as hard at work as ever, making the most of the opportunity to develop new exploits as workforces dispersed beyond the corporate security perimeter and started trusting frail home networks for business-critical applications. 

This has meant that chief security officers (CSOs) and other cybersecurity professionals have had to move fast to adapt to a new threat landscape. So, what are today’s security priorities? And is there hope for today’s beleaguered CSO? These were the questions behind a recent Senseon webinar called Protecting Organisations in the New Reality of Cyber Defence, which attracted 130 professionals from the cybersecurity sector.

I moderated a panel that featured Karla Reffold, chief operating officer at the cyber risk rating company Orpheus Cyber, and Malcolm Norman, chief information security officer at Wood, an engineering firm specialising in energy and the built environment. We were joined by Senseon founder and chief executive David Atkinson and covered a wide range of topics. Unsurprisingly, a major theme was how cyber threats have evolved in recent years. 

Perhaps the most obvious example of the growing threat facing CSOs was the SolarWinds data breach last year, which Microsoft president Brad Smith said was the largest and most sophisticated attack ever seen. Karla pointed out that the SolarWinds incident was so big that it risked creating the impression that cyber security simply wasn’t worth bothering with anymore. 

Continuing evolution in cyber threat complexity

But while such nation-state attacks will always be difficult to avoid, that shouldn’t detract from the fact that cyber security continues to be an essential guard against numerous everyday challenges, she said. David, meanwhile, noted that the SolarWinds attack was simply the latest in a continuing evolution in hacker capabilities. “We’ve seen this time and time again,” he said. “And we’ve got into the habit of quickly forgetting, as well.”

Another threat vector that is seeing significant evolution is ransomware, where the name of the game now is to infiltrate systems and extract valuable information rather than simply threatening to shut down systems. This new mode of attack is enabling hackers to ask for “humongous” ransom payments, said David, “and that attracts talent.” 

A third area of concern, particularly as companies have pivoted towards more flexible working practices over the last year, is cloud security. Karla stated that cloud providers won’t always provide the kind of information you would expect from a risk assessment with other technology suppliers. Also, smaller organisations might presume that cloud providers offer more security than they actually do.  

Technology tools such as AI triangulation are helping to mitigate these threats, but Malcolm made the point that there is also a human dimension to cybersecurity that needs to be taken into account. Talk of people being the weakest link needs to be eradicated in 2021, was his message. By combining cyber-aware technology and human expertise, companies can turn cyber defence into a selling point instead of a liability. 

Watch the full length webinar here:

About the author

Brad Freeman, Head of Threat Analysis, Senseon

Brad is an expert in his field, with over a decade’s experience conducting nationally significant cyber security investigations across the critical national infrastructure and telecommunications sectors. Drawing on his extensive industry experience and knowledge, Brad leads the threat analytics team at Senseon, and specialises in finding and uncovering advanced actors deeply embedded within clients’ infrastructure. Senseon.