Cyber-skills Shortage

“Cybersecurity is a sector that’s managed to grow during the coronavirus pandemic and its importance will only increase in the coming years. Yet despite all the opportunities on offer, there simply aren’t enough well-trained, highly-skilled security professionals to fill all the jobs - and this problem will get worse. Automation is one way organisations can help plug the skills gap, because it can aid training as well as help with staff retention by freeing analysts from repetitive, manual tasks. Security staff are in short supply, so it pays to give them tools which make their life easier and more fulfilling.” - Faiz Shuja, Co-Founder & CEO of SIRP, a Risk-Based SOAR platform

The Evolution of Ransomware

“I’m afraid to say that ransomware will continue to be a problem over the next year - so organisations and individuals need to start making preparations immediately. Ransomware was the most observed threat of 2020 and the number of attacks will increase in 2021. Many organisations focus on protection technologies, but these safeguards can be bypassed by advanced attacks. This year, the focus needs to be on detection and response.” - Faiz Shuja, Co-Founder & CEO of SIRP, a Risk-Based SOAR platform

“Ransomware groups will continue to become more aggressive and sophisticated next year. But as attacks ramp up in severity and complexity, there will be some confusion about what to do when attackers demand a ransom. The U.S. Department of the Treasury’s Office of Foreign Assets Control recently issued a directive which warned companies that paying ransoms could result in sanctions, due to the risk of money being used to “fund activities adverse to the national security and foreign policy objectives of the United States”. Will companies be punished for paying ransoms – or is the government erring towards victim blaming? This issue will be a point of confusion in 2021.” - Carolyn Crandall, Chief Security Advocate at Attivo Networks

Artificial Intelligence Arms Race

“Attackers are now using artificial intelligence to break encryption, crack passwords and perform behavioural analysis. Essentially, they are using the same tools as defenders, but have several key advantages. When defenders make mistakes, it’s a big deal because they could generate false positives or miss alerts. When an attacker does something wrong, they can just try again and get better - especially if they’re well-funded and backed by a nation state. Hackers’ use of AI and machine learning will increase in the coming year, but it’s only the beginning of a wider arms race. Soon attackers will also start to use quantum computing - which is something we should all be very concerned about.” - Carolyn Crandall, Chief Security Advocate at Attivo Networks