2021 Cybersecurity Predictions for CISOs Across Industries

In 2020, organizations across industries faced numerous security challenges as the nature of work suddenly and unexpectedly shifted. CISOs were forced to rapidly pivot their security strategies across the infrastructure, from the endpoint, enterprise data center, WAN, or cloud edges, and make real-time decisions that would impact their organization over the course of 2020. 

Throughout the year, Fortinet CISOs shared their expertise with organizations worldwide to help them address both current and future cybersecurity challenges. Four of these Fortinet CISOs joined us virtually to reflect on 2020 cybersecurity outcomes and share their 2021 predictions for the federal, retail, financial services and healthcare sectors.

Jim Richberg, Fortinet Field CISO 
Federal Government

“Federal agencies have always been a high value target for malicious actors and the surge in remote work in 2020 only exacerbated this. For the federal government, 2021 is likely to be a year of transition. Many agencies are likely to continue to let a significant number of employees work remotely at least part time; this makes securing remote telework an ongoing priority for government, rather than a ‘2020 problem’, since the remote teleworker’s IT environment, online collaboration platforms, and connectivity will continue to be targeted by both criminal and nation state (APT) actors. 

More government services and data became accessible online as a result of the COVID pandemic; this will likely bring more Denial-of-Service activity directed against these digital assets, with a trend towards multiple simultaneous small attacks intended to stay below the threshold of automated response. And while ransomware in the public sector is often viewed as largely a problem for state and local government, the digital assets and services of most federal agencies are ‘crown jewel’ assets in terms of the sensitivity and quantity of data they contain. CISOs will need to prioritize solutions such as Zero Trust Access, automated endpoint security, and employee awareness to counter this range of threats, and to ensure that solutions such as software defined networking and multi-cloud services are implemented securely.”

Courtney Radke, Fortinet Field CISO  
Retail 

“In 2020, omni-channel experiences, contactless commerce, and a more mature cloud strategy were more than just “nice to haves”. They quickly became essential for retail organizations looking to thrive in the face of unexpected challenges and changing consumer behavior. In 2021, we will continue to see organizations relying on these approaches and, as they do, security must continue be a top priority. Cybercriminals are always looking for new opportunities to exploit vulnerabilities and retail has always been a prime target for financially motivated attacks. These campaigns were especially successful in 2020 as threat actors capitalized on the ongoing global disruption and rapid technology adoption being undertaken by retailers. It became apparent early on that thoughtful planning and investments made in technology platforms before the events of 2020 created much greater opportunity to survive and thrive in the new dynamic retailers found themselves in. 

Going into 2021, retailers will look to expand on these investments while creating efficiencies and cost-saving opportunities along the way. Secure SD-WAN, coupled with flexible and adaptive security solutions that are easy to manage, will help reduce overall network complexity while ensuring high performance and “always on” availability of applications and customer facing technologies. Expanding 5G usage will only further highlight the necessity for robust and secure connectivity. Zero Trust Access, when integrated with the existing security fabric, will help businesses identify risk in their environments and successfully and securely scale to meet changing customer demands and business needs. As digital innovation shows no signs of slowing down, retailers will likewise need to streamline security operations through automation-focused technologies such as SOAR and manage the impact of the cyber skills shortage by augmenting with AI-enabled services to help keep up with the influx of data and alerts due to rapid multi-cloud and IoT adoption."

Renee Tarun, Fortinet Deputy CISO  
Financial Services 

“Like organizations across verticals, financial services organizations had to pivot largely to remote work in 2020 and digital services became more important than ever before. This, of course, brought on new opportunities for cybercriminals to exploit weak points in the security infrastructure of financial institutions to gain access to highly targeted and lucrative data. These trends will likely continue in the new year, which is why CISOs need to be taking a hard look at their strategies to identify any potential gaps. 

As financial institutions remain under threat of constant attack, they will need to look at flexible and agile solutions to enable IT and security to scale and adapt without compromising security and performance. Since we expect to see an increased reliance on the cloud as digital services continue, maintaining visibility and control across their cloud, on-prem, and hybrid environments will be pivotal. It will require a broad suite of security tools that cover the entire attack surface including all users, applications, and devices, on and off the network with Zero Trust Access tools that are integrated to reduce the complexity of managing multiple solutions and vendors. In addition, centralized management of security, including automation of workflows with security orchestration, automation, and response (SOAR), automated endpoint protection, and threat intelligence sharing will be key for protection, detection, and response to security incidents.”

Troy Ament, Fortinet Field CISO  
Healthcare 

“2020 brought a slew of new security challenges to healthcare. As healthcare, pharmaceutical, and life sciences organizations pivoted to deal with the COVID-19 pandemic by transitioning to telehealth services, creating temporary remote COVID-19 testing sites, and developing and manufacturing vaccines, security teams struggled to ensure security, performance, and compliance—among other things. Many organizations had to revamp their security infrastructure to support these remote users as cybercriminals seized the opportunity to exploit the global health crisis. 

These attacks will not end in 2021, and healthcare CISOs need to be prepared to address these concerns, as well as anything else that 2021 throws at us. Healthcare organizations’ quick response to COVID-19 challenges leveraged cloud technology, secure mobile workforce enablement, and virtual patient platforms at an accelerated rate that demonstrated healthcare organizations can more quickly and effectively enable digital transformation to solve healthcare, life sciences, and pharmaceutical business challenges in the future. In addition, these same organizations have been targeted and impacted by a 75% increase in ransomware threats that will continue to rise in 2021 requiring organizations to invest in key security programs (SD-WAN, Edge Compute, Cloud Security, and Security Operations) to reduce organization risk and ensure compliance.”