Annual poll: single biggest security threat of the year

What will be the single biggest security threat of 2021?

We collate the views of 169 security professionals to find out what the single biggest security threat of the year will be.


"The single biggest enterprise risk for 2021 is that as the dust settles on the 2020 remote-work environment, are companies prepared to manage the prolonged IT risks associated with increased cloud usage and remote logins? Putting a band aid on last year's security strategy will cause long term IT risks."

Ed Bacco, Vice President, Enterprise Security Risk Group, ADT Commercial:

"Beyond the ever-present security concerns, including cyber, ransomware and insider threats, 2021 is likely to see an increase in… issues with employees adhering to corporate security policies."

Matthias Maier, Security Evangelist, Splunk:

"The great challenge that enterprise security teams face in the current climate is trying to protect data and employees from security threats, regardless of their location… the threat of shadow IT is real… the vulnerability of your supply chain is very real. The same goes for newly adopted technologies and poorly managed M&A… Therefore, in 2021 the single biggest threat to cybersecurity may well prove to be our continued absence from the solid four walls of the office."

Kunal Anand, Chief Technology Officer, Imperva:

"As organisations accelerated their digital transformation initiatives amid a global pandemic, IT migrated troves of information into data lakes with little or no visibility into what was actually being stored. Those mistakes will materialise into headline news in 2021 as data security is put front-and-centre after an insecure data lake leads to a data breach in the scale of petabytes."

Dave Stapleton, CISO, CyberGRX:

"COVID has changed the cyber landscape dramatically, forcing the acceleration of digital transformation efforts at the expense of risk and security."

Ryan Schonfeld, Founder & CEO, HiveWatch and RAS Security Group:

"One of the biggest security challenges for businesses in 2021 will be reimagining what organisational security practices and duty of care looks like in a decentralized work environment. Disinformation and increased cyber threats while employees work from inherently insecure home networks increase the complexity of an acute need to reimagine decades of legacy practices."

Tobias Knecht, Founder and CEO, Abusix:

"Badly secured and badly monitored home networks will be the biggest enterprise security threat of 2021. While Covid-19 has changed how and especially where we work, enterprises do not see or know about compromised resources sitting on the kitchen table right beside their employees' computers."

Neil Riva, principal product manager, JumpCloud:

"While the shift to remote work brought convenience and flexibility to distributed workforces, bad actors have evolved their approach to exploit weak links, like a worker logging into sensitive company resources through an untrusted network, or from a personal laptop, or accessing files for which they shouldn't have permission." 

Shawn Burke, CSO, Sungard Availability Services:

"The single biggest security threat in 2021 will likely be attacks targeting homes and other endpoint network users… Personal devices will be used more often for business purposes, along with new dependencies on cloud services, further increasing network vulnerability."

Sivan Tehila, Director of Solution Architecture, Perimeter 81:

"2021 will be the year organisations face security consequences of the rapid shift to work from home."

Matias Katz, CEO, Byos:

"One of the biggest threats is WFH-driven: the increased occurrence of corporate network infiltrations allowing for unfettered lateral movement by adversaries, due in large part to the untrusted public and home Wi-Fi networks so widely used by workers outside of the office."

Morten Boel Sigurdsson, Founder and President of North America, Omada:

"The single biggest upcoming security threat will be driven by the combination of three things (The Perfect Storm): The uptick in remote working;… unnecessary elevated access rights;… [and] hackers will continue to take advantage of the situation/FUD/desperation…"

Adrian Ludwig, CISO, Atlassian:

"In 2021 we will begin to see work from home-related malware and sophisticated attacks that move laterally within remote work infrastructures."

Henri Hubert, Lead Engineer - Secret Detection Team, GitGuardian:

"The world's workforce is becoming more remote and this is particularly true for software developers… As a result, enterprise secrets, such as API keys, are sprawling more and more, not only in the organisation repositories but also, in the worst-case scenario, ending on public GitHub."

Amir Nooriala, Chief Commercial Officer, Callsign:

"BYOD is poised to be one of this year's biggest security threats. COVID-19 forced many, if not all, enterprises to rely on digital platforms in an effort to maintain business continuity. This has resulted in a distributed workforce, with employees connecting to enterprise resources from their home network - often on their own devices (BYOD) via legacy VPN connections."

Justin Beals, CEO and Co-founder, Strike Graph:

"With the new remote work from home reality that has stretched into 2021, risks related to shadow IT and unsecure, unmanaged and unmonitored access to internal networks, services, apps and data from employee home networks will be common to most enterprises."

Will Bass, Vice President, Cybersecurity Services, Flexential:

"COVID19 has accelerated a permanent increase in remote work that exposes organisations to greater ransomware risk as attackers target end users and home networks to enter corporate networks."

Duncan Godfrey, Sr. Director of Security and Compliance, Auth0:

"While supply chain attacks are getting all the attention after the SolarWinds breach, in 2021 remote working will still pose the biggest Enterprise security threat. Enterprises went through a huge change in 2020 and are likely carrying a number of tactical band aid security and architectural solutions to support a remote workforce. Attackers will be adapting too."

Richard Rushing, Chief Information Security Officer, Motorola:

"One of the biggest threats stems from the biggest change: that the Enterprise security perimeter is now officially gone.  The pandemic accelerated the shift to working remotely, which is now done at such a scale that all those high castle walls IT departments built around the office don't address today's problems."

Deepa Kuppuswamy, Privacy Expert and Information Security Architect, Zoho:

"The pandemic has caused a global change in how and from where employees access corporate systems and data… Having a distributed workforce makes patching more difficult for IT security teams… Enterprises do not have the real-time visibility required for threat detection. Vulnerability scans are missed as devices are not remotely accessible when required. Security Operation Centers (SOCs) relying on network perimeter logs will miss the security threats as traffic gets routed directly to the applications, rather than through the central corporate network. Often remote workers access business data from personal devices, which further complicates data security."

Liviu Arsene, Global Cybersecurity Researcher, Bitdefender:

"Infrastructure misconfigurations resulting from both the lack of planning for a pandemic type situation and the overnight overhaul of corporate infrastructures to support remote workforce will plague companies throughout the next year, as threat actors will likely exploit these blind spots to compromise organisations of all sizes and across all verticals."

Sarah Armstrong-Smith, Chief Security Advisor, Microsoft:

"In 2020 we saw rapid digital transformation acceleration across companies and sectors, and this will continue into 2021. Organised cybercrime and freelance attackers will continue to target businesses often via the remote workforce through phishing and business email compromise - with the goal of harvesting credentials, exposing vulnerabilities and ultimately accessing and compromising an organisation's technology and data."

Niamh Muldoon, Senior Director of Trust and Security, OneLogin:

"Identity theft will be the biggest threat of 2021. This is based on digital transformation acceleration of 2020. During the pandemic we moved and digitalised our entire livelihoods to keep our professional and personal lives moving forward. However, …[a]dequate security controls were not implemented to protect and address the associated risk of identity theft."

Javvad Malik, Security Awareness Advocate, KnowBe4:

"The biggest security threat for 2021 will be social engineering. With more people working remotely, we've seen an increase in phishing and other social engineering scams take place over the year. Ransomware is primarily delivered through phishing, and many supply chain attacks are as a result of some form of social engineering."

Amanda Finch, CEO, CIISec:

"Cybersecurity will face its toughest challenge yet as Brexit and COVID-19 meet. As with any chaotic, uncertain moment, attackers will be quick to exploit the situation… Individuals desperate to make ends meet could become more susceptible to joining the 'dark side', turning to cybercrime… On the other side, those still working may be more susceptible to falling victim to these attacks…"

Tom Lysemose Hansen, CTO, Promon:

"The single biggest security issue enterprises will face in 2021 will be the growing threat posed by malware that exploits vulnerable apps and targets user credentials… This is a particular concern as many have been forced to use their own insecure devices to access company networks… The widescale launch of the vaccine on the horizon as we move into 2021 provides yet another plausible means through which to launch a devastating attack on enterprises…"

Tal Zamir, CTO and Founder, Hysolate:

"The biggest enterprise security threat for 2021 would definitely be people. With literally everyone working remotely, laptops and their users now pose greater risk than ever." 

Dr. Andy Lilly, CTO, Armour Comms:

"The single biggest threat is made up of a multitude of at-risk devices – namely every mobile phone that is not adequately secured.  Almost every mobile phone contains sensitive financial or security data yet uses SMS or free consumer grade apps for business conversations, creating an attack vector for scammers, phishers, hackers and, if the target is of high enough value, nation-state actors."


Keith Price, Cyber Security Director, Littlefish:

"The number one security threat businesses will face in 2021 will likely be the risk of data exposure or loss triggered by targeted ransomware attacks. As a result, organisations themselves will be under increased scrutiny and have to tread carefully when it comes to regulatory compliance around their handling of data."

Chris Goettl, Director of Security Solutions, Ivanti:

"Ransomware is the most impactful threat that companies will face in 2021. The Double Exploit and hands on keyboard tactics being used in enterprise ransomware attacks continue to be very effective."

Kevin Curran, Professor of Cybersecurity, IEEE Senior Member:

"The biggest challenge in 2021 will remain ransomware. Once a device is infected, it will encrypt and potentially remove all documents along with attached network drives or backups. It is currently the deadliest scam and is set to increase with the rise of cryptocurrencies, allowing scammers to remain anonymous."

Chester Wisniewski, principal research scientist, Sophos:

"In many ways, it is almost impossible to predict where ransomware will go next, but the trend towards a widening gap between ransomware operators at different ends of the skills and resource spectrum is likely to continue into 2021."

Emily Heath, Chief Trust & Security Officer, DocuSign:

"Ransomware and ransomware as a service are likely to be a mainstay for 2021. The organisations behind these attacks are becoming more sophisticated and finding new ways to monetise their activities using common attack vectors like phishing and malspam campaigns to infiltrate organisations and compromise data and/or operations."

Igor Andriushchenko, Director of Quality and Security – Engineering, Snow Software:

"[R]ansomware attacks will continue – they may shift more into the area of industrial ransomware where the attacks are targeted in order to get the competitive advantage and stop the production for a long time. Ransomware as a service is getting more traction – where ransomware creators servicize their "product" and make it available to criminals at scale."

Samantha Humphries, Senior Security Strategist, Exabeam:

"We will continue to see strains of ransomware grow and evolve and ransomware as a distraction become more and more commonplace. It's, unfortunately, something that works really well for cybercriminals - too well." 

Thomas Cartlidge, Head of Threat Intelligence, Six Degrees:

"Ransomware will remain the most prominent cyber threat to all organisations. The tactics of ransomware operators will evolve to ensure they continue to evade defences and pressure victims to pay. There will be an increased emphasis on leaking data online to extort victims, with an increased use of social media to amplify the pressure on victims."

Mick Cooper, Managing Director, iSYSTEMS:

"The biggest security threat of 2021 will remain ransomware. Not necessarily because the criminal gangs are becoming more sophisticated as many of the victims would have you believe, it is because they are becoming more organised, more efficient and are scaling up."

David Emm, Principal Security Researcher, Kaspersky:

"Since targeted ransomware will continue to develop, organisations of all kinds must take steps to secure their networks, including educating staff about the danger and ensuring that corporate data is backed-up regularly."

Jakub Kroustek, Threat Labs Team Lead at Avast:
