What should CISOs do this year?

In the coming months, CISOs and their security teams will be busy (to say the least) managing the potential challenges that lie ahead. Lessons learned from the Microsoft, and SolarWinds attacks reaffirm the need to be ready for just about anything this summer.

Supply chain attacks such as these are a major coup for hackers as their malware was nicely packed into trusted software. While impacted businesses try to sort out the damage from the attack, they also must figure out how it could go undetected for almost a year.  In short, it should never happen again.

So, what should CISOs do this year? Let’s take a look.

Employees aren’t coming back to the office in droves as we imaged a year ago. Work from home initiatives will continue in most parts of the world for the foreseeable future. This makes it critical to ensure security by fortifying enterprise infrastructure and by getting users ready for social engineering attacks.

But phishing attacks aren’t the only problem. As employees continue to use their own devices, it’ll continue to create issues for network security teams. If you don’t already have a plan to monitor these devices, it’s best to formulate one immediately. At the same time, it’s important to enhance identity and access management protocols to prevent credential theft.

Ransomware has become the go-to approach for threat actors. As hackers get more creative with their attacks, you would probably see an explosion of ransomware attacks this year.

This situation is also made worse by nation-states engaging in ransomware attacks. As such, we can expect more multi-staged attacks and brute force attacks (to get admin passwords and create a backdoor).

If they manage to get into your network, malware is immediately deployed to find endpoints. Once completed, the ransomware is launched, crippling the network. This makes it critical to take a proactive approach to cybersecurity.

When I talk about insider threats, I’m not talking about your staff. In the new normal where most of us work remotely, you must think about other people that access the same WIFI. For example, the smart doorbell camera or other IoT devices connected to the same network will increase your risk exposure.

Such vulnerabilities could lead to a rise in stolen credentials. In this scenario, a VPN can’t protect your employees connecting to your network. This means that CISOs and their security teams need to be on high alert all day, every day.

5G has the potential of going mainstream this year. This makes it crucial for security teams to prepare for 5G security challenges. We don’t know how bad actors will leverage this technology to breach enterprise infrastructure, but it’s important to try and determine potential vulnerabilities and resolve them.

Whenever it isn’t possible to do it in-house, it’s best to hire some whitehat hackers. This approach could also help you better manage remote workforce security.

As the threat level evolves and gets more sophisticated rapidly, CISOs and their teams will have their work cut out for them.

If you’re looking for ways to better secure your enterprise infrastructure, we can help. Reach out to one of our in-house security experts.