If there’s one thing the recent cyberattack against the U.S. government demonstrated, it’s that no one is safe from bad actors intent on disrupting business and causing damage. Clearly, tech companies can do a lot more to advance our collective cyber resilience and protect businesses, governments and other organizations. We need more conversation, more education, and more innovation.
To stimulate activity in all three areas, CompTIA has launched the Cybersecurity Advisory Council, a new collective of thought leaders and seasoned cyber executives, all working together to help educate vendors, solution providers, MSPs and other tech companies on the latest best practices and protocols for business.
We asked the council’s leaders what their goals were for 2021 and what cyber trends that CompTIA members—and all tech companies—should be tracking in the new year. Here’s what they had to say.
Goal 1: Educate and Activate
“We will be working collectively within the council to educate, empower and positively influence the channel and our consumers. We recognize the real need to make industry-wide improvements if we are going to defend our companies, customers, and industry reputations. The council will greatly expand outreach with the primary goal of changing collective behavior to reduce attacks and their associated negative impacts on the channel and their clients.” – Tracy Holtz, director of security solutions, Tech Data, and co-chair of the Cybersecurity Advisory Council
Goal 2: Reinvigorate and Collaborate
“The council will help to reinvigorate the cybersecurity dialogue within the channel to get focused on the right things that can actually make a difference. We will promote and drive community collaboration to seek solutions for the ever-growing risks associated with cybersecurity weakness. Our actions will be designed to ignite critical public policy debate and push for positive changes. Our ability to safely move forward as an industry is dependent on getting cyber defense right.” – Kevin Nikkhoo, CEO, XeneX, and vice-chair of the Cybersecurity Advisory Council.
Goal 3: Inspire and Empower
“One of our key initiatives will be progressively working to inspire the focused attention and sustained action from the boards of directors, investors and other executive leadership of all businesses. We want to help them realign their priorities toward cyber defense strategies that work for them. We will empower them to become more effective and invested in making positive changes in the cyber posture of their respective companies, customers, and other organizations. Through easy-to-consume information and questions, we want to remove the x-factor of needing technical experience. We will be that reassuring voice confirming that they are doing the right things. We will help them to find their own appropriate conclusions. We want them to be able to trust in the defenses of their organizations, employees, stockholders, and customers.” – Kevin McDonald, COO and CISO, Alvaka Networks, and co-chair of the Cybersecurity Advisory Council
Trend 1: Fallout from 2020 Attacks Will Continue
“As we have now seen with the early devastation of the SolarWinds Orion debacle, the risk of even highly trusted mainstream applications is very real. We have only just begun to see the breadth and depth of the follow-on attacks. The FireEye compromise and theft of their tools will also likely have long-lasting impacts as they are leveraged against companies unaware of the issues and/or unable or unwilling to remediate against them. There will be greater distrust and IT departments will have to find a better way to watch the watchers. Discussions about and actions around supply chain risk will increase greatly. They will impact current and new business relationships and create opportunity for the channel to understand and remediate the negative impacts.” – Nikkhoo
Trend 2: Business Email Compromises Accelerate
“Business email compromise attacks have grown significantly in 2020 and are showing no signs of slowing. They will likely continue to grow in their frequency and amounts. I predict we will see a continuation of both Covid-19 and political campaign and action pushes as themes. It will require additional efforts to educate the public and support their adding controls.” – Holtz
Trend 3: Ransomware Grows, Splinters, and Plagues All Businesses
“Ransomware will continue to plague businesses and become more of a common threat that everyone in the channel will need to address in some way. We (Alvaka) have done remediation work for a nearly constant flow of new clients this past two years, including two medium-sized companies we are supporting through the holidays. On average, in late 2019 and all of 2020, the damage is more severe, the ransoms much larger and extortion is pretty regular. Small, medium, and large companies are suffering crippling attacks. We are seeing the splintering of the biggest threat actors only to see them come back like a hydra as multiple new groups. We can only guess how many new ransomware attacks will leverage the SolarWinds Orion and FireEye vulnerabilities.” – McDonald
Looking for more cybersecurity information? Join CompTIA’s IT Security Community as well as the CompTIA Information Sharing and Analysis Organization (ISAO) to ask questions, share best practices and get the latest threat intelligence.