Virtualization Technology News and Information
Guardicore 2021 Predictions: Ransomware, Nation-States, and the Rise Of Segmentation

vmblog 2021 prediction series 

Industry executives and experts share their predictions for 2021.  Read them in this 13th annual series exclusive.

Ransomware, Nation-States, and the Rise Of Segmentation

By Dave Klein, Senior Director of Cybersecurity, Guardicore

2020 may have been the most difficult year for cybersecurity yet. Ransomware devastated industries from financial services to healthcare and others, while nation-states proved they're better at hiding than ever before. As these threats are unfortunately sure to expand in 2021, it's hard to overstate the critical role CISOs will play this year.

On the cyber threats that are looming large in 2020, and set to expand in 2021...
  • Ransomware will continue to be very devastating. The attacks are now heavily targeted and carried out by very sophisticated criminal organizations who do their homework. Furthermore, most now have a data exfiltration and blackmail component, where they steal your intellectual property or any PII you may have on hand and threaten to release it if you don't pay. Even worse, they are no longer looking for $100 to unlock your personal laptop. These criminals are hijacking large corporations like Pemex and Garmin and taking down their entire computing infrastructure. Finally, where they once avoided attacking healthcare facilities, they have now chosen to specifically attack them, in one case in Germany actually leading to a fatality.
  • Nation-state actors are doubling their efforts in espionage and are now threatening real-world, physical targets. We've seen them become more brazen, going after water treatment plants in Israel, for example, in an attempt to cause real-world harm and even deaths. In the US and the UK we've seen major government warnings about attacks on power grid and critical infrastructure targets. Finally, we've seen attacks by nation-state actors in China and Russia against US, UK and Canadian COVID-19 vaccine research. These two countries are not only trying to steal the work being accomplished but are even trying to sabotage or hinder the research being done. Even more egregious, there are claims that these two countries are trying to affect refrigeration in the distribution of these vaccines, all of which need refrigeration to work.
On the strategies CISOs should follow in 2021...
  • CISOs need to make the above threats a boardroom discussion and seek funding for cyber initiatives. Organizations that are successfully countering the threat of cyber-attacks are typically pursuing at least seven strategies. It's important to note, however, that no organization can say that its cyber defense strategies are complete. It's a rolling process.
  • CISOs can simplify and prioritize the work in a systematic fashion by incorporating the Zero Trust framework. By simply starting, you improve your chances of detecting attacks and you increase your chances of defending against them. In cases where you are hit, you improve the chances of surviving and recovering gracefully.
  • CISOs must adopt micro-segmentation practices. As Zero Trust discusses, the end of the enterprise edge is nigh. We need to move away from the reliance on perimeter firewalls/edge security and instead shore up our software-based segmentation throughout our enterprise workflow. With software-based segmentation you replace the complexity of VLANs, firewalls and cloud security groups with a platform-agnostic, simplified, fast and granular method to segment across your entire environment. Even when applied sparingly, you decrease an attacker's ability to land and, even more so, to move laterally across the environment. Add to this the ability of software-based segmentation to allow for identity-based segmentation, which lets us better secure our critical applications and infrastructure as users work from home.
  • CISOs need to plan for this "new normal" to continue into 2021. Even after the vaccine is distributed, we will find that since our workforce was able to work remotely, some of this will continue on forever more, permanently changing how we work and collaborate. Therefore, it is important that CISOs look at their remote workforce and find better methods for access. For example, look at VDI platforms to better control the user. Using identity-based, zero-trust software-based segmentation, SDN and other methods for access that transcend legacy VPN methods of connectivity is required.


About the Author

Dave Klein 

Dave Klein is Senior Director Engineering & Architecture at Guardicore. He has over 20 years of experience working with large organizations in the design and implementation of security solutions across very large scale data center and cloud environments. At Guardicore, David leads the engineering team in North America, assisting Guardicore customers in architecture and implementation of advanced data center security solutions for micro-segmentation and for the detection, containment and remediation of security breaches.

Published Friday, January 22, 2021 7:47 AM by David Marshall