Industry executives and experts share their predictions for 2021. Read them in this 13th annual VMblog.com series exclusive.
Overextended CISOs, ERP Systems and Application Security
By Ansh Kanwar, GM of Products and Technology, Onapsis
As this unprecedented year comes to a
close, there are many lessons to be learned, especially when it comes to
cybersecurity. Due to the rapid shift to remote work, we saw a drastic increase in cyberattacks, breaches,
and threats. To combat these attacks in 2021, organizations need to
prioritize cybersecurity by focusing on the right tools, getting ahead of
potential risk factors, and adapting their cybersecurity models to meet the
stringent requirements of the new normal. With attacks increasing and maturing
in sophistication, CISOs and security teams won't have it easy in 2021. So while
no one can predict the future (especially this year), I believe these three key
cybersecurity trends will unfold in 2021:
1. Overextended CISOs Must Do More with Less
In 2021, CISOs will
have tighter budgets and will be under pressure to consolidate vendors, tools,
and software. Even though the pandemic has put cybersecurity at the forefront
of concerns for organizations, CISOs will have to protect their organization with
less.
These constraints, combined
with continuing migrations to the cloud, will create extended enterprises being
overseen by overextended CISOs. Since they can't hire scores of experts
in-house to protect their organization, CISOs will fill that gap with
technology and vendors, but will try to make fewer tools do more for them.
CISOs will move away from point products and turn to comprehensive toolsets,
platforms, and product suites that span across applications and departments.
They will look for one-stop shop solutions that solve multiple security needs
and have cross-team functionality. This will allow for cost efficiency without
lowering the overall security posture of the
organization.
2. ERP Systems Will Be a Driving Factor in Supply Chain Risk
2020 was the year
of unpredictability, especially for supply chains, both physical and digital.
Systems broke down in many ways, revealing vulnerabilities, and cyber threats were
at an all-time high. In fact, we saw more awareness of these potential negative
consequences in 2020 with alerts from the DHS and US-CERT. A high-profile
example of this is the recent SolarWinds supply chain attack, which deployed
malware to Orion Software to infect networks of multiple US companies and
government networks.
Next year, CISOs
will need to prioritize third-party risk and realize that ERP systems are a
driving factor in supply chain protection. If something happens in one of these
systems, it can have severe consequences, including halting manufacturing
lines, shipments, sales orders, and more. Moving forward, CISOs must prioritize
the security of these mission-critical business applications.
3. No More Excuses: Time for Application Security Plans is Now
Over the years, many
security trends have created new sectors in the industry, such as perimeter and
endpoint security models. With the shift to remote work in 2020, we saw
more cyberattacks, breaches, and vulnerabilities targeting applications than
ever before. In fact, the 2020 Verizon Data Breach Investigations Report (DBIR) found
that 43% of data breaches are tied to web application vulnerabilities, which
more than doubled year over year.
Because of this,
application security from the core to the cloud, especially for
mission-critical applications such as ERP,
CRM, PLM, HCM, SCM and BI, will emerge as the frontier of security priorities for
organizations in 2021. It will no longer be acceptable to assume
applications are secure because they are behind a firewall or that data from
those applications are protected because they're in a virtual data center.
CISOs will need to have explicit visibility and control over each application,
along with how they all interact. CISOs must take control of this problem and
create an application security plan. Moving forward, this will no longer be
optional.
Only time will tell if these trends come true, but one thing is inevitable:
cyberattacks will continue and will only increase in sophistication. 2020 was a
challenging year, to say the least, but 2021 will bring its own set of unique
challenges. CISOs and security teams will need to stay on their toes and not
let their guards down in order to protect their organization from cyber threats
in the future.
##
About the Author
As General Manager of Products and Technology of Onapsis, Anshuman is passionate
about leading product and technology teams that deliver high-quality
business-critical software. His background is in product management, agile
software development, security, cloud computing, data center & network
infrastructure and devops-at-scale. Over the last 18 years he has worked for
Citrix Systems and LogMeIn in various technical and technology management
roles. He studied Computer Engineering at Delhi University and the University
of California, Santa Barbara and management at the Sloan School of Management (MIT).
He believes that great companies are built by collaborative, adaptable,
high-trust teams and that good management begins with making others successful.