All Articles

But remember that every time you do this it's it's it's different it changes the people are different you think well we all did this and we were great but yeah that was a year ago that was two years ago now the CFO is different the ciso is different the CIO is different so you're doing the sometimes you do the same thing with a different group of people because it may even be the same exercise I would update it hopefully but you remember that that the organization is always changing the world is always changing you know if we didn't exercise today because should be very different than what we would have done one year ago before covid hit you know so hard the reality is is that everything it's it's a moving Target um you're never done but I would celebrate success when you know you accomplish something you know have a party if you will no enjoy it you know you accomplish something move on um and uh and know that you're GNA constantly be hopefully improving it's not like a destination it's a journey and and so you want to constantly improve in in your approach to dealing with cyber threats yes that's a very important thing that you mentioned it's not destination it's a journey so so Dan um in in 2021 what what are some of the things which you think as as cyber Security Professionals we should look out for which could be some interestingTechnologies which could be some some interesting Trends anything that the Cyber Security Professionals should look at vote for in 2021 yeah thanks for asking I every year I do a a top 21 or top whatever the number is this is 2021 so 21 last year it was 20 for 20 for 2020 um I do the top um predictions from all the security vendors in the industry so you go to laurman on on cyber security Lohr MN laurman on cyber security and you'll see this list I do it I've done it annually for um about a decade now and it's not my predictions but it's what all the top vendors were saying so you know certainly a lot of of experts are pointing to ransomware getting you know evolving getting more complex um you know changing where you know a lot of times they're stealing the data before they encrypt it so um they're hitting you twice and if you don't pay they they threaten to release your data um ransomware is a big one working from home picas has changed so much you know threats are just coming in organizations in so many different ways people a lot of times use home computer equipment maybe home routers um even some of the technical difficulties we've had today see it's challenging when people aren't in the office so you know looking at their whole digital transformation which is really occurring at lightning speed the good news is there's a lot of really positive things happening the bad news is there's also more risks that are being introduced into business processes because people are working from home so a lot of the vendors are pointing to different things like they're saying your home network is is is like headquarters for the hackers and you know some very entertaining examples in that in that blog that people can go to and read about we can post the blog if people want to know that um but artificial intelligence is certainly and machine learning is becoming more and more Central um and it's being used against organizations so you need to be thinking hard about you know how are you going to automate a lot of your processes um that's a a big area and then one more I'll mention uh movement to the cloud I mean so much is moving to Cloud um you know Cloud security oh excuse me Cloud platforms and the cloud security is becoming so important um a lot of people say this in the US you know hey I'm moving all my data to the cloud I'm moving all my processes to the cloud you know Google does it better than we do or Microsoft does it better than we do or AWS um Amazon web services does it better than we do so but what they what they miss bicash is that you're still responsible for that end to-end Security even if you got an AWS server maybe they've got a great data center maybe they've got security practices but your people are still administering that or you're still running that business process or you're still running that end to-end security for your customers and your clients so you can't just say well I'm just Outsourcing it all to Microsoft or AWS so really uh Cloud security is becoming even more important and and really something that organizations need to really take a look at what is their processes is uh one word you know a term that we use a lot in the US is sassy s s a a s sassy s e um not not sassy like s SS y in the US is like you know it's s a uh sassy um look it up read about it it's certainly a hot a hot area for a lot of people sassy and uh zero trust correct so so interestingly what you mentioned and and and I fully agree with you the the attack surface all of a sudden has changed so dramatically for organizations yeah that today people actually don't know of all the assets they have they don't know the attack surface and and it's continuously changing even the home uh router the system which end user is using from home these are all now part of the extended attack surface right then you have the cloud and teams are creating new Cloud assets and Cloud interestingly scales everything it scales security it can also scale insecurity both together so I I'm a big believer of cloud and I believe that cloud in the long run is going to create a much more safer world if done right and I I am kind of very confident that we will do it right as an industry because because there is business in there so if there is a business driver it will get done right so uh but in the interim this time is very vulnerable because a lot of time people who are just moving to the cloud are not aware of the configurations uh the way it should be done a lot of people are not aware of mongodb having default the default kind of configuration is insecure so like uh since we monitor the kind of overall internet I I I recall I guess there there's around half a million open databases out there right now yeah which is quite crazy people just did notconfigure it right and these are all just out there open so so these are some very interesting new challenges but on top of it I I I would love to probably add one thing which is one of the biggest challenge which we as the industry face is that when it comes to security there are just too many things that we need every vendor is going to come and say you know what you need this you need that and none of these talks to each other so there is a need for consolidation of cyber security and how could that consolidation happen it could happen probably in many ways uh but one or a few interesting Trends which which are out there which could probably shape the future one is zero trust which is a in other words is a kind of consolidation right I mean you eliminate a lot of things and put everything into a single place.