Every day, CISOs must decide which cyberthreats to prioritize in their organizations. When it comes to choosing which threats are the most concerning, the list from which to choose from is nearly boundless.
At RSA Conference 2020, speakers discussed several of the most concerning threats this year, from ransomware and election hacking to supply chain attacks and beyond. To pursue the topic of concerning threats, SearchSecurity asked several experts at the conference what they considered to be the biggest cybersecurity threat today.
"It has to be ransomware," CrowdStrike CTO Mike Sentonas said. "It may not be the most complex attack, but what organizations are facing around the world is a huge increase in e-crime activity, specifically around the use of ransomware. The rise over the last twelve months has been incredible, simply because of the amount of money there is to be made."
Trend Micro vice president of cybersecurity Greg Young agreed.
"It has to be ransomware, definitely. Quick money. We've certainly seen a change of focus where the people who are least able to defend themselves, state and local governments, particularly in some of the poorer areas, budgets are low and the bad guys focus on that," he said. "The other thing is I think there's much more technological capability than there used to be. There's fewer toolkits and fewer flavors of attacks but they're hitting more people and they're much more effective, so I think there's much more efficiency and effectiveness with what the bad guys are doing now."
Sentonas added that he expects the trend of ransomware to continue.
"We've seen different ransomware groups or e-crime groups that are delivering ransomware have campaigns that have generated over $5 million, we've seen campaigns that have generated over $10 million. So with so much money to be made, in many ways, I don't like saying it, but in many ways it's easy for them to do it. So that's driving the huge increase and focus on ransomware. I think, certainly for the next 12 to 24 months, this trend will continue. The rise of ransomware is showing no signs it's going to slow down," Sentonas explained.
"Easy" might just be the key word here. The biggest threat to cybersecurity, according to BitSight vice president of communications and government affairs Jake Olcott, is that companies "are still struggling with doing the basics" when it comes to cybersecurity hygiene.
"Look at all the major examples -- Equifax, Baltimore, the list could go on -- where it was not the case of a sophisticated adversary targeting an organization with a zero-day malware that no one had seen before. It might have been an adversary targeting an organization with malware that was just exploiting known vulnerabilities. I think the big challenge a lot of companies have is just doing the basics," Olcott said.
Lastly, Akamai CTO Patrick Sullivan said that the biggest threat in cybersecurity is that to the supply chain, as highlighted at Huawei's panel discussion at RSAC.
"The big trend is people are looking at their supply chain," he said. "Like, what is the risk to the third parties you're partnering with, to the code you're developing with partners, so I think it's about looking beyond that first circle to the second circle of your supply chain and your business partners."