1. Security leaders will increase their focus on cyber resilience. While protecting organizations against cyber threats will always be a core focus area for security programs, we can expect an increased focus on cyber resilience, which expands beyond protection to include recovery and continuity in the event of a cyber incident. It’s not only investing resources in protecting against cyber threats; it’s investing in the people, processes, and technology to mitigate impact and continue operations in the event of a cyber incident.
2. Security teams need to protect against increasingly sophisticated spear phishing and social engineering attacks. The sophistication of recent spear phishing and social engineering attacks make attribution of threat actors increasingly difficult, which makes it more challenging for organizations to properly defend against them. Next year, expect to see more sophisticated social engineering attacks utilizing emerging deep-fake and AI technologies.
3. Continuing instability across the software supply chain will provide a rich environment for large-scale attacks. We’ve seen major supply chain attacks over the past few years and the software supply chain has only grown in importance. A recent executive order on the security of the software supply chain for government vendors is a step in the right direction. But we need to see more companies focus on strengthening their security practices, from considering a zero-trust approach to further securing infrastructure services (e.g., code signing, PKI, and hardening the release process). Increasing dependencies on third parties will also require more focus on security controls throughout the software supply chain, such as instituting third-party risk assessments, identity and access management, and timely patching.
4. Increasing reliance on cloud vendors could expand companies’ attack surfaces. With the flexibility offered by the cloud, more organizations are layering cloud technology into new places and enabling unique use cases with cloud technologies. However, in doing so, they’re also expanding their attack surfaces and will also need to come up with new strategies to deploy cloud security technologies and protection strategies. IT leaders will also need to have a strong process in place to evaluate these vendors and understand the technologies they use on the backend.
About Michael Adams, CISO at Zoom:
Michael Adams brings nearly 30 years of security and leadership experience as Zoom’s Chief Information Security Officer. Michael joined Zoom in August 2020 and served as Chief Counsel to the COO and CISO while building the company’s insider risk, global intelligence, operations assurance, and security legal programs. A graduate of the U.S. Naval Academy who began his career as an engineer, Michael was previously an advisor to two Chairmen of the Joint Chiefs of Staff, numerous prominent publicly traded and privately held companies, and the highest levels of the U.S. Government. He enjoyed success as an executive at Palantir and as a partner in a major international law firm. Michael and his wife, two children, and Chesapeake Bay retriever live in Charlotte, North Carolina where they are active members of the community and longtime, die hard Baltimore Orioles fans.