What should CISOs do this year?

The past year proved to be challenging for Chief Information Security Officers (CISOs) across industries. From mass migration from onsite to remote working, the corporate world saw just how important it was to have security teams to ensure business continuity.

In the coming months, CISOs and their security teams will be busy (to say the least) managing the potential challenges that lie ahead. Lessons learned from the Microsoft, and SolarWinds attacks reaffirm the need to be ready for just about anything this summer.

Supply chain attacks such as these are a major coup for hackers as their malware was nicely packed into trusted software. While impacted businesses try to sort out the damage from the attack, they also must figure out how it could go undetected for almost a year.  In short, it should never happen again.

So, what should CISOs do this year? Let’s take a look.

Secure your remote workforce

Employees aren’t coming back to the office in droves as we imaged a year ago. Work from home initiatives will continue in most parts of the world for the foreseeable future. This makes it critical to ensure security by fortifying enterprise infrastructure and by getting users ready for social engineering attacks.

But phishing attacks aren’t the only problem. As employees continue to use their own devices, it’ll continue to create issues for network security teams. If you don’t already have a plan to monitor these devices, it’s best to formulate one immediately. At the same time, it’s important to enhance identity and access management protocols to prevent credential theft.

Get ready for ransomware, everywhere

Ransomware has become the go-to approach for threat actors. As hackers get more creative with their attacks, you would probably see an explosion of ransomware attacks this year.

This situation is also made worse by nation-states engaging in ransomware attacks. As such, we can expect more multi-staged attacks and brute force attacks (to get admin passwords and create a backdoor).

If they manage to get into your network, malware is immediately deployed to find endpoints. Once completed, the ransomware is launched, crippling the network. This makes it critical to take a proactive approach to cybersecurity.

Protect against insider threats

When I talk about insider threats, I’m not talking about your staff. In the new normal where most of us work remotely, you must think about other people that access the same WIFI. For example, the smart doorbell camera or other IoT devices connected to the same network will increase your risk exposure.

Such vulnerabilities could lead to a rise in stolen credentials. In this scenario, a VPN can’t protect your employees connecting to your network. This means that CISOs and their security teams need to be on high alert all day, every day.

Prepare for 5G

5G has the potential of going mainstream this year. This makes it crucial for security teams to prepare for 5G security challenges. We don’t know how bad actors will leverage this technology to breach enterprise infrastructure, but it’s important to try and determine potential vulnerabilities and resolve them.

Whenever it isn’t possible to do it in-house, it’s best to hire some whitehat hackers. This approach could also help you better manage remote workforce security.

As the threat level evolves and gets more sophisticated rapidly, CISOs and their teams will have their work cut out for them.

If you’re looking for ways to better secure your enterprise infrastructure, we can help. Reach out to one of our in-house security experts.

to top