Top 10 Cyber Security Challenges for CXOs in 2021

Editor’s note. These predictions were drafted a few weeks ago, before the explosive #SolarWindsHack story broke on Sunday, Dec 13th, 2020. They are candid professional assessments and therefore very stark. If you are experiencing ANY mental health challenge, seasonal depression, or simply feeling stressed out during an incident response at the moment - please consider bookmarking this page and coming back to it later when you’re feeling better!

  1. Ransomware is officially the Apex Predator. At the dawn of this new decade, cyber attackers find themselves with lucrative motivations to attack, and more resources than their most powerful victims. These online organized crime gangs also fight dirty: asymmetrically and without rules. A brutally efficient exploit, command-and-control, and extortion supply chain has evolved as a result, creating the most formidable threat to cyber security in history.

  2. Nation-state and Ransomware techniques merge. The financial incentive to incorporate advanced nation-state cyber espionage techniques encourages further sharing by cyber mercenaries. Stealthy anti-forensic and counter-incident-response malware and techniques are sold via darkweb supply chains, yielding Ransomware that evades the latest pattern-matching technology, such as user behavioral analysis augmented by machine learning.

  3. Ransomware gets (much) faster. Agile attacks accelerated via automation are removing human resource and time limitations, reducing the time from initial compromise to impact on victims from months to minutes. Best-in-class cyber security strategies such as defense in depth are no longer enough to keep up.

  4. Defense in C-I-A triad balance rises to the fore. Native controls laser-focused on agile threats are needed for modern cyber security. Compensating controls degrade from diminishing to negative returns. Confidentiality and Availability solutions have kept up with Cloud and Big Data technology trends, while Integrity solutions have not. Streaming Integrity technology will fill the large gap left as a result, bringing essential balance back to the C-I-A triad with automated targeting and mitigation of more new agile cyber threats than ever.

  5. Ransomware gets personal. Unchecked Machiavellian tactics continue to spread victim pain beyond organizational boundaries. Cyber crime gangs will target internal and external organizational stakeholders directly. Executives, staff and board members, customers, patients and users of various public services will be individually extorted, as the abundance of stolen PII data gets mined via modern ‘evil marketing analytics’. Scareware crosses boundaries from the digital to the physical realm.

  6. Cyber crime laws get tougher. As a result of the above, voter and lobbyist pressure on increasingly active governments will accelerate momentum to introduce more cyber victim carrots and sticks. Broad government cyber assistance programs will fund better cyber defenses proportionally for small, medium and large businesses. At the same time, stricter victim fines and criminal charges for paying ransoms will begin cutting off some of the vital air supply of organized cyber crime gangs.

  7. Unprecedented data transparency. As Blue Teams engage more closely with Red Teams, Pen Testers and Bug Bounty hackers, and even learn from professional cyber attackers, Survivorship Bias gets formally recognized in security analytics, threat hunting and DFIR. As a result, streaming telemetry (i.e. log) integrity is no longer assumed or implied. It is explicitly verified before consumption by SIEM correlation rules, dashboards, SOAR systems or audit reports. Attacker tampering with indicators with impunity via privilege escalation (the most dangerous and common insider threat) no longer slips below the radar as a false negative.

  8. MITRE ATT&CK processing incorporates Survivorship Bias. Coarse-grained anti-forensic techniques such as ‘Indicator Removal’ and ‘Timestomping’ are complemented by additional high-resolution techniques and sub-techniques under the ‘Defense Evasion’ category. These then get prioritized in all related analysis to maximize the visibility and veracity of all MITRE ATT&CK mapping. Specifically, all indicators are explicitly verified to reveal previously invisible tampering before analysis.

  9. Cyber Risk gets granular. Commoditized anti-forensic and counter-incident-response techniques mean organizational leaders can no longer apply traditional actuarial-table approaches to estimate generic cyber risk. Defense in balance enables unprecedented full visibility into complete organizational digital risk in real time, both in aggregate and micro-targeted to any level. Rich, transparent, data-driven analysis enables new agile underwriting that is atomically combined with enforcement against specific, actual risk, which in turn enables ‘shrink-wrapped’ cyber insurance policies with materially lower premiums.

  10. Vicious ‘cyber circle’ completes with Defense in Balance. Increased blue team visibility into stealthy anti-forensic and counter-incident-response techniques developed for cyber espionage results in open-source adoption of these advanced stealthy techniques by organized cyber crime gangs. That will raise the blue team bar in return. Ultimately this ‘cyber circle’ completes, and C-I-A triad defense in balance Darwinistically emerges as a new InfoSec best practice.
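Items 7 and 8 above call for telemetry integrity to be explicitly verified before a SIEM consumes it, so that ‘Indicator Removal’ and ‘Timestomping’ surface as findings instead of false negatives. The following is an added illustration (not Chainkit’s code or any product’s implementation) of one way to do that: each log record is chained to its predecessor with an HMAC, and a verifier run at the collector reports altered, re-timestamped, deleted or truncated records. The key, the sample auth-log records and the record layout are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key. In a real deployment the signing key lives with the
# collector, not on the host whose logs it protects, so an intruder with root
# on that host cannot re-seal the records they alter.
KEY = b"demo-key-not-for-production"

# Constructed sample telemetry: the shape of an auth log shipped to a SIEM.
RECORDS = [
    {"seq": 0, "ts": "2020-12-13T02:00:01Z", "msg": "sshd: Accepted publickey for ops from 10.0.0.5"},
    {"seq": 1, "ts": "2020-12-13T02:00:09Z", "msg": "sudo: ops : COMMAND=/bin/bash"},
    {"seq": 2, "ts": "2020-12-13T02:00:15Z", "msg": "useradd: new user: name=svc-backup"},
    {"seq": 3, "ts": "2020-12-13T02:00:20Z", "msg": "sshd: session closed for user ops"},
]

def _tag(prev, rec, key):
    # Canonical JSON so the same record always hashes the same way.
    body = json.dumps(rec, sort_keys=True).encode()
    return hmac.new(key, prev.encode() + body, hashlib.sha256).hexdigest()

def seal(records, key=KEY):
    """Chain every record to its predecessor's tag. Editing, re-timestamping or
    deleting a record breaks the chain at that point."""
    prev, sealed = "genesis", []
    for rec in records:
        tag = _tag(prev, rec, key)
        sealed.append({**rec, "tag": tag})
        prev = tag
    return sealed

def verify(sealed, key=KEY, anchor=None):
    """Return a list of (index, finding) tuples; an empty list means the stream
    is intact. `anchor` is the last tag the collector already holds, which also
    exposes removal of the newest records (plain truncation)."""
    findings, prev, expected_seq = [], "genesis", 0
    for i, rec in enumerate(sealed):
        body = {k: v for k, v in rec.items() if k != "tag"}
        seq = body.get("seq", expected_seq)
        if seq != expected_seq:
            findings.append((i, f"seq gap: expected {expected_seq}, got {seq}"))
        if not hmac.compare_digest(_tag(prev, body, key), rec["tag"]):
            findings.append((i, "tag mismatch: record altered or a predecessor removed"))
        prev, expected_seq = rec["tag"], seq + 1
    if anchor is not None and (not sealed or not hmac.compare_digest(sealed[-1]["tag"], anchor)):
        findings.append((len(sealed), "tail does not reach anchored tag: newest records removed"))
    return findings
```

A timestomped record yields a single tag mismatch at its own index, because the attacker cannot re-sign it without the key; a deleted record yields both a sequence gap and a tag mismatch at the record that follows it.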
