{"id":15064,"date":"2021-02-01T11:21:29","date_gmt":"2021-02-01T10:21:29","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=15064"},"modified":"2021-02-01T13:58:03","modified_gmt":"2021-02-01T12:58:03","slug":"ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/","title":{"rendered":"CISO, between post-COVID world and persistent threats, what are the priorities for 2021?"},"content":{"rendered":"<p style=\"text-align: justify;\">Since\u00a0<a href=\"https:\/\/www.wavestone.com\/en\/insight\/ciso-radar-2020\/\">the last edition of the radar<\/a>, the world has been hit hard by\u00a0<a href=\"https:\/\/www.wavestone.com\/en\/insight\/cybersecurity-in-the-face-of-the-health-crisis\/\">an unprecedented viral pandemic<\/a>. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?<\/p>\n<p style=\"text-align: justify;\">One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. Since the end of 2019, and the exploits of\u00a0<strong>Maze<\/strong>,\u00a0<strong>Sodinokibi<\/strong>, and, more recently\u00a0<strong>Egregor<\/strong>, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. 
All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.<\/p>\n<p style=\"text-align: justify;\">In addition, as we recently discussed in\u00a0<a href=\"https:\/\/www.lemonde.fr\/economie\/article\/2020\/11\/15\/comment-le-cybercrime-se-professionnalise-en-s-attaquant-aux-particuliers-et-aux-entreprises_6059830_3234.html\"><em>Le Monde<\/em><\/a>, cybercriminal operations have become\u00a0<strong>highly professionalized<\/strong>, ensuring the perpetrators reap a\u00a0<strong>return on their considerable investments<\/strong>. These investments will enable them to mount increasingly deep, and technically sophisticated, attacks in the future \u2013 attacks that will have no qualms about\u00a0<strong>targeting activities that are core to business functions<\/strong>\u00a0(such as industrial networks, payment systems, etc.). In 2021, the stakes in\u00a0<strong>the tug of war over the payment of ransoms<\/strong>\u00a0are likely to be raised \u2013 with a determined effort by criminal groups to achieve higher\u00a0<strong>profile<\/strong>\u00a0attacks.<strong>\u00a0We saw some early signs<\/strong>\u00a0this year with the use of\u00a0<strong>sophisticated procedures<\/strong>: from an attack being announced via Facebook advertisements, through direct negotiation with patients in healthcare-sector attacks, to the printing of ransom demands via in-store cash registers\u2026 There will be a need to anticipate such situations to the maximum extent possible, either by simulating them in crisis exercises or by tailoring specific, well-thought-out responses in advance.<\/p>\n<p style=\"text-align: justify;\">In addition to the many-headed beast of ransomware, our teams out in the field anticipate strong growth in two other threat areas in 2021. 
First,\u00a0<strong>indirect attacks, using third-party services<\/strong>: cybercriminals are heavily focused on circumventing the security arrangements of major players by exploiting vulnerabilities in their less-protected partners or targeting their IT service providers. In addition,\u00a0<strong>attacks that target cloud-based systems are expected to accelerate and manifest new types of compromise<\/strong>. Exploiting vulnerabilities in identity and access management (<strong>IAM<\/strong>), in particular via supplier APIs to compromise ever more critical areas of business, will be one of the hallmarks of incidents in 2021. Today, this area represents a real challenge for IT teams, who are still much too unfamiliar with the fast-developing particularities of these platforms.<\/p>\n<p style=\"text-align: justify;\">Faced with such a range of threats, CISOs will need to be both agile and robust, especially in their mastery\u00a0<strong>of security fundamentals<\/strong>\u00a0(in particular, the Active Directory, the application of patches, and multi-factor authentication) and in solidly demonstrating their\u00a0<strong>cyber-resilience<\/strong>\u00a0capabilities (with ever-more demanding commitments in terms of reconstruction times and the ability of business functions to be resilient without IT capacity).<\/p>\n<p style=\"text-align: justify;\">In parallel, there are several areas that will be central to developments in IT departments, and CISOs can turn them into\u00a0<strong>opportunities<\/strong>\u00a0to improve cybersecurity within their organizations. In particular, we have in mind \u201cDigital Workplace\u201d projects \u2013 and the work to optimize available security measures, which will have to be done against the current backdrop of constrained budgets. Previous years\u2019 investments in cybersecurity have often added new functionalities that are little known or used, especially when it comes to the cloud. 
Looking to these may offer a way to improve cybersecurity at lower cost.<\/p>\n<p style=\"text-align: justify;\">From a regulatory perspective, 2021 will see another increase in issues linked to\u00a0<strong>cyber borders<\/strong>\u00a0or even cyber-protectionism. It will mean considering demanding\u00a0<strong>isolation and protection requirements<\/strong>, and also the issue of the interconnection of\u00a0<strong>new and little-known systems<\/strong>\u00a0(for example, Alibaba in China, Yandex in Russia, etc.) with organizational networks.<\/p>\n<p style=\"text-align: justify;\">In terms of technological developments to keep in mind, we have identified three trends:\u00a0<strong>Zero-trust,\u00a0<a href=\"https:\/\/www.wavestone.com\/en\/insight\/quantum-computing-cybersecurity-wavestone-francedigitale\/\">Confidential Computing<\/a><\/strong>, and<strong>\u00a0Quantum Computing.<\/strong>\u00a0We discuss these in more detail below and set out the minimum level of monitoring that you should plan for.<\/p>\n<p style=\"text-align: justify;\">Threats are becoming more complex and resources increasingly limited\u2026 CISOs will need to demonstrate their agility in 2021, by addressing a range of issues while still maintaining a clear strategic direction: they\u2019ll need to be able to protect their organizations against cyber criminals while supporting, or even developing, new digital uses.<\/p>\n<figure id=\"post-15058 media-15058\" class=\"align-none\" style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-15058 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1.jpg\" alt=\"\" width=\"2048\" height=\"1418\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1.jpg 2048w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1-276x191.jpg 276w, 
https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1-56x39.jpg 56w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1-768x532.jpg 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1-1536x1064.jpg 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Radar_CISO_2021_v1-1-245x170.jpg 245w\" sizes=\"auto, (max-width: 2048px) 100vw, 2048px\" \/><\/figure>\n<div class=\"heading-text el-text\" style=\"text-align: justify;\">\n<h2>Methodology<\/h2>\n<\/div>\n<div class=\"uncode_text_column\">\n<p style=\"text-align: justify;\">The\u00a0<strong>CISO Radar<\/strong>\u00a0is a tool that Wavestone has developed and published since 2011. More than\u00a0<strong>40 experts<\/strong>\u00a0meet\u00a0<strong>three times a year<\/strong>\u00a0to discuss news and key topics, based on what they\u2019ve observed while working with Wavestone\u2019s clients. This assessment includes all Wavestone\u2019s offices \u2013 from New York to Hong Kong \u2013 taking in Paris and several others.<\/p>\n<p style=\"text-align: justify;\">Every year, the Radar presents\u00a0<strong>a broad selection of the topics that CISOs have to grapple with in their role<\/strong>. 
It covers over 100 topics, which are considered and analyzed by our experts.<\/p>\n<div class=\"row-container\" style=\"text-align: justify;\" data-parent=\"true\" data-section=\"1\">\n<div class=\"row limit-width row-parent\" data-imgready=\"true\">\n<div class=\"row-inner\">\n<div class=\"pos-top pos-center align_left column_parent col-lg-12 single-internal-gutter\">\n<div class=\"uncol style-light\">\n<div class=\"uncoltable\">\n<div class=\"uncell\">\n<div class=\"uncont no-block-padding col-custom-width\">\n<div class=\"uncode_text_column\">\n<p>It\u2019s presented as a series of dials covering\u00a0<strong>key themes<\/strong>\u00a0(identity, protection, detection, risk management, compliance, and continuity)\u00a0<strong>on three levels:<\/strong>\u00a0<strong>Mature, News,\u00a0<\/strong>and<strong>\u00a0Emergent<\/strong>.\u00a0The \u201cMature\u201d level covers topics that every CISO can, and must, master. The \u201cNews\u201d level covers topics currently being addressed; these are new areas where initial feedback can be shared. The \u201cEmergent\u201d level covers topics on the horizon that are still little known or that have no obvious solutions. 
These topics are included to better predict future developments and prepare for their emergence in organizations.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"row-container\" data-parent=\"true\" data-section=\"2\">\n<div class=\"row limit-width row-parent\" data-imgready=\"true\">\n<div class=\"row-inner\">\n<div class=\"pos-top pos-center align_left column_parent col-lg-12 single-internal-gutter\">\n<div class=\"uncol style-light\">\n<div class=\"uncoltable\">\n<div class=\"uncell\">\n<div class=\"uncont no-block-padding col-custom-width\" style=\"text-align: justify;\">\n<div class=\"heading-text el-text\">\n<h2>What are the threads to develop in 2021?<\/h2>\n<h3>Mastery of cybersecurity fundamentals<\/h3>\n<p>Patches not being applied; weaknesses in Active Directories; vulnerabilities in attack channels\u2026 In 2020, cybercriminals have regularly reminded us of the importance of mastering cybersecurity fundamentals. Unsurprisingly, we believe these fundamentals will remain key in 2021 \u2013 a time when cyber attackers are likely to remain highly opportunistic (<strong>58%<\/strong>\u00a0according to an assessment of recent incidents where Wavestone has\u00a0<a href=\"https:\/\/www.wavestone.com\/en\/insight\/cyberattack-france-situation-on-the-ground\/\">provided support<\/a>) and where we continue to see a daily stream of new fixes to critical vulnerabilities.<\/p>\n<p>Now is the time for cybersecurity teams to act on their responsibilities: they can no longer operate in the background in their key areas \u2013 such as the management and maintenance of security, which are core to digital trust and other key systems. CISOs will need to be robust and responsive in opening up these areas with production teams. 
We should note that startups like\u00a0<a href=\"https:\/\/www.hackuity.io\/\">Hackuity<\/a>\u00a0can bring new impetus and help unlock the complex process of vulnerability management.<\/p>\n<h3>Consolidate work on cyber-resilience<\/h3>\n<p>For several years now, cyber-resilience has been a phrase on everybody\u2019s lips \u2013 and rightly so. As we observe, cybercriminals are an increasingly active menace. It\u2019s no longer a question of \u201cWill we be attacked?\u201d\u00a0but \u201c<em>When<\/em> will we be attacked?\u201d\u00a0 Against this backdrop, it\u2019s essential to have in place an appropriate strategy and be prepared to respond to an attack \u2013 by limiting its impact, in order to restart as securely and quickly as possible. In 2021, the involvement of business functions will remain an issue that continues to occupy security teams as they work to increase efficiency.<\/p>\n<p>Nevertheless, we\u2019re now seeing a new trend in cyber-resilience: CISOs are increasingly being asked to provide concrete evidence of the organization\u2019s capacity to resist and recover from a cyber-attack. Percentage of production capacity preserved in the event of a loss of IT and the resilience of business activities; the precise timescale for rebuilding core confidence; and the restoration of data under time constraints\u2026 Both regulators and business leaders are asking for guarantees and defined commitments to provide them with reassurance. 
In such a context, we should be prepared to push systems to their limits; for example, by conducting realistic reconstruction tests, working in partnership with operational teams.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<div class=\"heading-text el-text\" style=\"text-align: justify;\">\n<h2>Which areas represent opportunities for cybersecurity?<\/h2>\n<\/div>\n<h3 class=\"clear\" style=\"text-align: justify;\">Continuing pressure to make progress on digital transformation<\/h3>\n<div style=\"text-align: justify;\">\n<p>It\u2019s a matter of fact that the public-health crisis has allowed many organizations to take major steps toward creating latest-generation digital workspaces. This situation presents a real opportunity for CISOs, who can capitalize on it by becoming involved in numerous innovative projects and help their organizations move to an in-depth<em>,\u00a0<\/em>cloud-based approach.<\/p>\n<p>More than ever, it offers an opportunity for cybersecurity teams to deliver a step change in approach and overcome numerous long-standing challenges: the simplification of remote access, authentication that reduces the use of passwords (Passwordless), enhanced detection of data leaks, expansion of SOCs and cloud-related detection capacities, etc.<\/p>\n<h3>Cyber-effectiveness<\/h3>\n<p>In a period when expenditure is under greater scrutiny than ever, CISOs must continue to rationalize the use of their budgets, while also demonstrating the effectiveness of the interventions they make. Given this, one of the first actions you should consider is the scope to capitalize on investments made in previous years: teams already in place and, for technical solutions or cloud-based services undergoing rapid changes, unlocking functionalities that can be easily activated at no additional cost. A genuinely rich seam to provide better security in the year ahead. 
In some areas, outsourcing may be an option in the interests of rationalizing costs.<\/p>\n<p>For some business sectors, cybersecurity may become, or may already be, a market differentiator. CISOs, then, have an opportunity to develop their role \u2013 by getting closer to the business functions and unlocking cross-functional projects that were previously unworkable.<\/p>\n<h3>Borders in cyberspace<\/h3>\n<p>While the internet is often considered a borderless space, there is an increasing tendency among regulators, and some countries, to want to ringfence data within their borders and prevent it from being hosted elsewhere. This trend is firming in Europe, where we saw the GDPR come into effect in 2018, and, more recently, a ruling that\u00a0<a href=\"https:\/\/curia.europa.eu\/jcms\/upload\/docs\/application\/pdf\/2020-07\/cp200091fr.pdf\">the US Privacy Shield is invalid<\/a>; but also in China and Russia, where new regulations are proliferating, some of which could be classed as examples of \u201ccyber-protectionism.\u201d<\/p>\n<p>As a result, many regulators and authorities are imposing rules that only encrypted data can be stored abroad, the key to which is a closely guarded secret (HYOK). This situation requires rethinking on data flows, the systems that will host them, and especially the need to adapt to local solutions. 
This presents a real challenge for CISOs; for example, when considering connections between the networks of global organizations that are using French, American, Russian, and Chinese systems\u2026 Integrating these systems into an overall cybersecurity approach is a real challenge in the face of their fragmentation and the difficulties in making a concrete assessment of the risks and the quality of the systems to be used.<\/p>\n<p>&nbsp;<\/p>\n<div class=\"heading-text el-text\">\n<h2>What are the emerging topics for 2021 and beyond?<\/h2>\n<h3>Taking a new, entirely cloud-based approach, with Zero trust<\/h3>\n<p>Promoted by Forrester in the late noughties, use of the\u00a0<strong>Zero Trust<\/strong>\u00a0security model is on the rise. As a reminder, this system is the opposite of the traditional\u00a0<strong>castle<\/strong>\u00a0approach, which aimed to defend the periphery using sizable ramparts (i.e., firewalls), but which is gradually being rendered impotent in the face of new threats.<\/p>\n<p>Digital transformation has had profound impacts on system architecture and interconnections with third parties. As a result, it is no longer enough to protect oneself from the outside only; so much so, that even the concept of \u201cthe outside\u201d is no longer that meaningful: nowadays threats can more easily use their target\u2019s ecosystem to penetrate systems and compromise them. Access management, identities, and privileged accounts are central to the\u00a0<strong>Zero Trust<\/strong>\u00a0model \u2013 areas pertinent to many of the problems we face today. In 2021, businesses will continue their move toward the cloud. 
This provides a real opportunity to gradually base architectures and systems on the\u00a0<strong>Zero-Trust<\/strong>\u00a0principle, or, for latecomers, to begin to clear the way for it.<\/p>\n<h3>Get ready for a data-protection revolution with confidential computing<\/h3>\n<p>One of the major challenges for the cloud remains that of trust with the various partners involved, especially when it comes to organizations\u2019 most sensitive data. In response to this problem, concepts like Confidential Computing and Data Privacy by Design have emerged gradually over recent years, in parallel with more concrete solutions.<\/p>\n<p>Among these,\u00a0<strong>homomorphic encryption<\/strong>\u00a0enables algorithms to encrypt data while maintaining the option of processing it, something that greatly reduces the risks of disclosure and data leakage. IBM is one step ahead here, and, in the summer of 2020, shared its open-source library,\u00a0<a href=\"https:\/\/github.com\/shaih\/HElib\">HElib<\/a>, on the topic. French startups Cosmian and Zama are also active in the area.<\/p>\n<p>Lastly,\u00a0<strong>synthetic data<\/strong>\u00a0can also offer an original response to the issue. By using algorithms enhanced by artificial intelligence, synthetic data generators, such as the one offered by British startup Hazy, make it possible to create data sets that retain the characteristics and logic of the real data without featuring that data in any way. 
Yet another way to avoid any risk of a data breach in the cloud.<\/p>\n<h3>Anticipate longer-term threats from Quantum computing<\/h3>\n<p>Eight hours: this is the time it will take a sufficiently powerful and reliable quantum computer to undermine the security of our communications by breaking today\u2019s commonly used encryption algorithms.\u00a0<a href=\"https:\/\/www.wavestone.com\/en\/insight\/informatique-quantique-et-cybersecurite_francedigitale_wavestone\/\">The global technological race has already begun<\/a>, and companies and institutions must begin preparing themselves now, because considerable investments will be needed to put in place the required\u00a0<strong>technical migrations<\/strong>. Which data must be protected as a priority, because it needs to remain confidential in the years to come? Which clauses should I include in my contracts today, to ensure the systems I purchase are compatible with the new encryption solutions? And which providers can support these migrations?<\/p>\n<p>In France, several players have already taken the initiative: for example, the INRIA-Sorbonne spin-off\u00a0<strong>CryptoNext-Security<\/strong>, the winner of several innovation competitions, offers a quantum-safe cryptography solution that has already been tested by the French army for use with an instant-messaging application on mobiles.<\/p>\n<div class=\"post-content\">\n<div class=\"row-container\" data-parent=\"true\" data-section=\"5\">\n<div class=\"row limit-width row-parent\" data-imgready=\"true\">\n<div class=\"row-inner\">\n<div class=\"pos-top pos-center align_left column_parent col-lg-12 single-internal-gutter\">\n<div class=\"uncol style-light\">\n<div class=\"uncoltable\">\n<div class=\"uncell\">\n<div class=\"uncont no-block-padding col-custom-width\">\n<div class=\"uncode-accordion\" data-collapsible=\"no\" data-active-tab=\"1\">\n<div id=\"accordion_308999376\" class=\"panel-group\" role=\"tablist\" 
aria-multiselectable=\"true\">\n<div class=\"panel panel-default\">\n<div id=\"anticipate-longer-term-threats-from-quantum-computing\" class=\"panel-collapse collapse in\" role=\"tabpanel\" aria-expanded=\"true\">\n<div class=\"panel-body\">\n<div class=\"uncode_text_column\">\n<p>It\u2019s an area that raises many questions, which will all need to be rapidly addressed. One thing is certain though: CISOs will have a major role in these developments and need to anticipate the many related activities that will be required.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Since\u00a0the last edition of the radar, the world has been hit hard by\u00a0an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against&#8230;<\/p>\n","protected":false},"author":15,"featured_media":15061,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3270,2777],"tags":[3795,3519,3530,3794,3793,3792,3201,2834],"coauthors":[837,3485],"class_list":["post-15064","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy-en","category-cybersecurity-digital-trust","tag-2021-en","tag-ciso","tag-cyber-en-2","tag-emerging-topics","tag-opportunities","tag-priorities","tag-radar-en","tag-threat"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CISO, between post-COVID world and persistent threats, what are the priorities for 2021? 
- RiskInsight<\/title>\n<meta name=\"description\" content=\"Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. Since the end of 2019, and the exploits of Maze, Sodinokibi, and, more recently Egregor, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISO, between post-COVID world and persistent threats, what are the priorities for 2021? - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. 
Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. Since the end of 2019, and the exploits of Maze, Sodinokibi, and, more recently Egregor, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-01T10:21:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-01T12:58:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1453\" \/>\n\t<meta property=\"og:image:height\" content=\"1308\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"G\u00e9r\u00f4me Billois, Cl\u00e9ment JOLLIET\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"G\u00e9r\u00f4me Billois, Cl\u00e9ment JOLLIET\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\"},\"author\":{\"name\":\"G\u00e9r\u00f4me Billois\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\"},\"headline\":\"CISO, between post-COVID world and persistent threats, what are the priorities for 2021?\",\"datePublished\":\"2021-02-01T10:21:29+00:00\",\"dateModified\":\"2021-02-01T12:58:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\"},\"wordCount\":2340,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"keywords\":[\"2021\",\"CISO\",\"cyber\",\"emerging topics\",\"opportunities\",\"priorities\",\"radar\",\"threat\"],\"articleSection\":[\"Cyberrisk Management &amp; Strategy\",\"Cybersecurity &amp; Digital 
Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\",\"name\":\"CISO, between post-COVID world and persistent threats, what are the priorities for 2021? - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"datePublished\":\"2021-02-01T10:21:29+00:00\",\"dateModified\":\"2021-02-01T12:58:03+00:00\",\"description\":\"Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. 
Since the end of 2019, and the exploits of Maze, Sodinokibi, and, more recently Egregor, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg\",\"width\":1453,\"height\":1308,\"caption\":\"Vector businessman looking for future trends through binoculars - business and strategy metaphor - illustration in flat style\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CISO, between post-COVID world and persistent threats, what are the priorities for 
2021?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17\",\"name\":\"G\u00e9r\u00f4me Billois\",\"description\":\"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. 
G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CISO, between post-COVID world and persistent threats, what are the priorities for 2021? - RiskInsight","description":"Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. Since the end of 2019, and the exploits of Maze, Sodinokibi, and, more recently Egregor, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. 
All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/","og_locale":"en_US","og_type":"article","og_title":"CISO, between post-COVID world and persistent threats, what are the priorities for 2021? - RiskInsight","og_description":"Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. Since the end of 2019, and the exploits of Maze, Sodinokibi, and, more recently Egregor, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. 
All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/","og_site_name":"RiskInsight","article_published_time":"2021-02-01T10:21:29+00:00","article_modified_time":"2021-02-01T12:58:03+00:00","og_image":[{"width":1453,"height":1308,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"G\u00e9r\u00f4me Billois, Cl\u00e9ment JOLLIET","twitter_misc":{"Written by":"G\u00e9r\u00f4me Billois, Cl\u00e9ment JOLLIET","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/"},"author":{"name":"G\u00e9r\u00f4me Billois","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17"},"headline":"CISO, between post-COVID world and persistent threats, what are the priorities for 
2021?","datePublished":"2021-02-01T10:21:29+00:00","dateModified":"2021-02-01T12:58:03+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/"},"wordCount":2340,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","keywords":["2021","CISO","cyber","emerging topics","opportunities","priorities","radar","threat"],"articleSection":["Cyberrisk Management &amp; Strategy","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/","name":"CISO, between post-COVID world and persistent threats, what are the priorities for 2021? 
- RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","datePublished":"2021-02-01T10:21:29+00:00","dateModified":"2021-02-01T12:58:03+00:00","description":"Since the last edition of the radar, the world has been hit hard by an unprecedented viral pandemic. This has piled on the pressure to fast track digital transformations set in a context of increasingly active cybercriminals and an ever-growing threat. Against this twin backdrop of public-health and economic crises, what should you do to plan for 2021? And what are the trends to watch to assure cybersecurity in large organizations?One fundamental theme won\u2019t change: the threat \u2013 the starting point for all thinking about cybersecurity. In our view, unsurprisingly, ransomware will remain the major threat facing businesses. Since the end of 2019, and the exploits of Maze, Sodinokibi, and, more recently Egregor, these destructive attacks have been paired with massive data exfiltration \u2013 adding a new dimension to criminal blackmail operations. 
All types of organizations are affected: from local authorities, through SMEs, to large international groups \u2013 wherever they are in the world.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/02\/Fotolia_62798858_Subscription_Monthly_M.jpg","width":1453,"height":1308,"caption":"Vector businessman looking for future trends through binoculars - business and strategy metaphor - illustration in flat style"},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2021\/02\/ciso-between-post-covid-world-and-persistent-threats-what-are-the-priorities-for-2021\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"CISO, between post-COVID world and persistent threats, what are the priorities for 2021?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s 
consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8c7dc7008d92d9f59fb0c108c988cb17","name":"G\u00e9r\u00f4me Billois","description":"G\u00e9r\u00f4me Billois is a Partner at Wavestone in the Cybersecurity and Digital Trust practice. He graduated from the National Institute of Applied Sciences in Lyon. He has deep expertise in risk management and cybersecurity, developed over more than 15 years of experience. G\u00e9r\u00f4me is a board member of CLUSIF, a member of the ISO JTC1\/SC27 committee, responsible for information security standardisation, and a founding member of Club27001, a non-profit dedicated to promoting the ISO 27001 standard. He holds CISA, CISSP and ISO 27001 PA certifications. 
G\u00e9r\u00f4me co-authored several books on cybersecurity (Eyrolles, Cepadues, Wiley &amp; Sons, Larcier), is a regular media and conference speaker (Assises de la S\u00e9curit\u00e9, ISACA, CLUSIF, CNIS, etc.), and gives university lectures.","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/gerome-billois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15064","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=15064"}],"version-history":[{"count":5,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15064\/revisions"}],"predecessor-version":[{"id":15071,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/15064\/revisions\/15071"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/15061"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=15064"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=15064"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=15064"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=15064"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}