"We expect to see a continuation of ransomware attacks on healthcare institutions and the exfiltration of sensitive data, with attacks specifically targeting pharmaceutical companies and institutions to harvest sensitive customer information for blackmailing and industry espionage."
Luis Simonet, Chief Information Security Officer (CISO), NXTsoft:
"We expect to see increased growth in data exfiltration in 2021. As companies are becoming better prepared to survive a ransomware attack without paying the ransom, e.g., isolating backups for recovery, bad actors are taking a different approach to increase the pressures on companies to pay. They are not just encrypting the data but also exfiltrating the data. Once they have possession of the data, they make a threat to expose the data if they do not receive payment."
Ian Wood, Senior Director and Head of Technology, Veritas Technologies:
"Ransomware will continue to be a huge security risk in 2021. It's proven far too lucrative for the criminals to just abandon it. This said, it's likely it will have to evolve further. …[E]fforts to invade networks will need to become more sophisticated, with likely growth of business email compromise (BEC) attacks, and even edge-device related network attacks."
Alex Holland, Senior Malware Analyst, HP:
"The rise of 'double extortion' ransomware, where victim data is exfiltrated before being encrypted, will particularly hurt public sector organisations, who process all manner of personally identifiable information. Even if a ransom is paid, there is no guarantee that a threat actor won't later monetise the stolen data."
Dave Klein, Director of Cybersecurity, Guardicore:
"Ransomware will continue to be very devastating. …[M]ost now have a data exfiltration and blackmail component where they heist your intellectual property and any Personally Identifiable Information (PII) you may have on hand and threaten to release if you don't pay."
Ara Aslanian, CEO, Inverselogic:
"Double extortion ransomware should be on the cybersecurity radar of every enterprise in 2021. [It] increases the danger by extracting a copy of the data before scrambling it. This not only causes immediate disruption to a company; it also creates an ongoing threat of data being released and the reputational harm that goes along with that."
Jonil Patel, CISO, Threat Protect:
"2021 will see a further increase in ransomware attacks following their growing prevalence throughout 2020. We fully expect these to become bigger, smarter and more dangerous, utilising the fact that people are working remotely and resources and budgets are being stretched more than usual."
Caleb Barlow, CEO and President, CynergisTek:
"Ransomware remains the most significant security threat to all enterprises. Ransomware operators realise that they can earn more and cause far more destruction by simply changing data versus locking it up or extorting it. When an adversary demonstrates they can change data, they break trust in an entire system."
Kevin Breen, Director of Cyber Threat Research, Immersive Labs:
"It's no question ransomware will evolve in 2021, and it's increasingly worrisome… These types of targeted attacks will continue to wreak havoc as threat actors get more creative, precise and targeted with their approach."
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic:
"The single biggest threat to enterprises across the world in 2021 is ransomware, which is continuing to evolve, [and] now including data extortion – threatening to publicly disclose stolen data."
Renato Mascardo, Chief Technology Officer, Accela:
"Tactically, the biggest enterprise security threat of 2021 has to be ransomware… It's too easy to own someone's infrastructure and there are so many vectors to attack. And companies are paying, so more hackers are trying and will keep trying."
Mike Convertino, Chief Security Officer, Resilience:
"In my opinion, the greatest security threat facing the enterprise today is an attack that's also targeting school districts, hospitals, and city governments around the world: ransomware. Data everywhere is at risk of being held hostage in this type of attack, which can delay critical medical and public services during this pandemic and currently amounts to billions in losses each year."
Chris Parker, digital security expert, WhatIsMyIPAddress.com:
"It might not be shiny or innovative, but ransomware attacks are still the biggest security threat in 2021. Cybercriminals thrive on disruption, and there's never been a more disrupted time in modern history, particularly in the digital age."
Adam Bangle, VP EMEA, BlackBerry:
"Ransomware is on the rise and looks set to become an even bigger menace in 2021. It's becoming the number one threat for businesses of all sizes… Last year we saw an increase in ransomware attacks targeting the healthcare sector – a sector that is far from prepared to fend off cyberattacks. With the uncertainty around the pandemic, it is becoming clear that attacks against healthcare will continue to be a significant issue this year."
Ulf Mattsson, Chief Security Strategist, Protegrity:
"The single biggest enterprise security threat of 2021 will be ransom-based attacks that expose sensitive data. There will be an uptick in attacks targeting increasingly profitable healthcare records and other types of high-value personally identifiable information (PII)."
Catherine Pitt, Global Vice President, Chief Security Officer at Plex Systems:
"Ransomware, propagated through phishing, will likely continue to be the biggest security threat of 2021… Manufacturers and other businesses with an extremely low tolerance for downtime are particularly vulnerable to this threat, a situation that is exacerbated by vague, often contradictory regulations."
Rotem Iram, Founder and CEO, At-Bay:
"This year, the ransomware epidemic will peak for enterprises. Insurance companies will decrease coverage, and scores of businesses will be at risk of default."
Mika Kujapelto, CEO and Founder, LaptopUnboxed:
"Ransomware attacks are the most significant security risk for 2021. Cybercriminals took advantage of COVID-19 when remote working created more vulnerability in organisations, making most of them bolder in profiting from their criminal behavior."
Mike Gruen, VP of Engineering & CISO, Cybrary:
"It really depends on how you define biggest, as ransomware will continue to be the most prevalent threat, state actors will always be the most capable threat, and IoT will be the most overlooked/underestimated threat."
Omkar Dharmapuri, Founder, TechLurn:
"Since we're still not recovered from the pandemic and likely to keep working remotely for quite some time, I expect that ransomware attacks will keep continuing to grow."
Kristen Bolig, Founder, SecurityNerd:
"It's likely that the number of cyberattacks on remote workers will continue to rise in 2021. Chief among them will be ransomware attacks."
Sivan Nir, Head of Research, Skybox Security Research Lab:
"The single biggest enterprise security threat will be the accelerated spread of targeted ransomware with new twists including data-stealing before encryption, adaption to attack cloud repositories, and the distribution of additional malware packages upon hitting a target."
Will Bass, Vice President, Cybersecurity Services, Flexential:
"COVID-19 has accelerated a permanent increase in remote work that exposes organisations to greater ransomware risk as attackers target end users and home networks to enter corporate networks."
Alicia Lynch, VP & CISO, SAIC:
"With Criminal Threat Actors we will be facing an increase in Ransomware attacks. Particularly since it has matured to Ransomware As A Service on the Dark Web."
Supply Chain
Ilia Sotnikov, VP, Netwrix:
"The urgent need to support distributed workforces has forced enterprises to accelerate their digital transformations... With sophisticated supply chain attacks, they will be able to compromise only one supplier, which will then domino into breaches across the whole chain, and enable cybercriminals to monetise their activities at an impressively high speed."
Tommy Gardner, CTO, HP Federal:
"One of the biggest enterprise security threats of 2021 is to the supply chain. Supply chain risks are an ever-present reality for hardware and software solutions in an enterprise setting."
Dave Stapleton, CISO, CyberGRX:
"Third-party breaches are the single biggest cyber threat out there today, and the incessant expansion of the supply chain is creating a massive opportunity for hackers."
Alyn Hockey, VP of Product Management, Clearswift, a HelpSystems Company:
"We work in such an interconnected world that an organisation is only as strong as its weakest link. Cyber criminals know this, and look for weaknesses in a third-party supplier to access their intended victim's systems. This can mean the whole supply chain is at risk."
Igor Andriushchenko, Director of Quality and Security – Engineering, Snow Software:
"Supply chain attacks of all sorts – from outsourcing IT and development providers to third-party libraries – will continue and become even more noticeable. As companies improve their own security posture, the third parties remain a blind spot and can provide a pathway into the target system."
Shamane Tan, Chief Growth Officer, Privasec & Founder, Cyber Risk Meetup:
"In 2021, we will see heightened risk in the supply chain management and our third- and even fourth-party suppliers can be at the forefront as the single biggest security threat as attackers continue to focus on the weakest link."
Todd Gifford, CTO, Optimising IT:
"The biggest risk security leaders in enterprise will focus on in 2021 in the wake of the SolarWinds breach is the risk posed by compromised software."
Brian Fox, CTO and Co-founder, Sonatype:
"Enterprises must pay heed to the attack channel of the recent SolarWinds breach, and recognise that there is an incredible risk in not closely monitoring the software supply chain this year."
Jason Crabtree, CEO and Co-founder, QOMPLX:
"In 2021, as attackers seek dominance in victim networks, attacks against Active Directory and authentication, like the SolarWinds attack, will continue to dominate major ransomware and breach events."
Jacob Ansari, Chief Information Security Officer, Schellman & Company, LLC:
"The largest threat to enterprises in 2021 is further supply chain attacks. Both nation state threat actors and criminal enterprises will make use of weaknesses in the software supply chain to propagate attacks to a large number of victim organisations."
Harman Singh, Director, Cyphere:
"We shall see supply chain attacks taking centre stage in all forms of the security threat landscape… [The] SolarWinds incident showed how the product supply chain of an essential vendor to govt agencies and the biggest corporates can be poisoned to take over its customers."
Matt Wilgus, Principal, Threat & Vulnerability Assessment Services, Schellman & Company, LLC:
"The single biggest enterprise security threat for 2021 is going to be an organisation's vendor's partners. To simply call it supply chain risk is too simple and it isn't just an aftereffect of the SolarWinds breach. Even mature vendor management programs do not have much visibility into the vendor's suppliers."
Rick van Galen, Security Engineer, 1Password:
"Supply chain attacks are what deserve most of your attention in 2021, if they have not had it so far. The SolarWinds hack signifies the importance of understanding your suppliers - vendor management is essential."
Jeffrey Martin, AVP of Product, WhiteSource:
"The biggest security threat to enterprises in 2021 are massive supply chain attacks. As the SolarWinds breach demonstrated, these attacks can be undetected for a long period of time and can cause untold damage depending on the prevalence of the vendor."
Safi Raza, Director of Cybersecurity, Fusion Risk Management:
"The cyber incidents caused by supplier negligence are increasing at an alarming rate. The recent SolarWinds breach underlines the criticality of the third-party management programme… Given the massive scale and global media coverage of the SolarWinds incident, it is likely that we may soon start to see copycat supply chain attacks."
Henry Jiang, Chief Information Security Officer, Diligent:
"I believe the biggest enterprise security threat of 2021 will be supply chain attacks – particularly ones in which an attacker injects malware into a vendor's software."
Greg Murphy, CEO, Ordr:
"Phishing and ransomware may be more common, but the recent SolarWinds attack illustrates that supply chain attacks may be the biggest and most serious security threat in 2021 because they can impact so many organisations and are extremely difficult to protect."
Alicia Lynch, VP & CISO, SAIC:
"With Nation States, we will be facing more attacks on our Supply Chain. The SolarWinds Breach is the tip of the iceberg of what we can expect to see in 2021."
Amanda Finch, CEO, CIISec:
"In 2021, supply chain resilience will be key… [As a]ttackers will quickly realise that an apparently "hard" target can be penetrated by looking for easier prey further down the supply chain."
Rob Price, Global Solution Consultant, Snow Software:
"There will be a growth in 'Cloud Jacking' and 'Island hopping' as cyber criminals look to gain entry to their actual targets through weaker downstream systems that are connected with business partners and suppliers."
Alexander M. Kehoe, Co-Founder & Operations Director, Caveni Digital Solutions: