CISOs faced a number of challenges in 2020, not the least of which was COVID-19 and the mass migration from onsite to remote work. Maybe for the first time, corporate leadership saw just how vital the security team is to ensuring the company runs, and runs smoothly, thus making 2020 the year when the CISO and cybersecurity teams went from the background to the very forefront of enabling organizational productivity.

In 2021, CISOs and their security teams can expect to continue to show how vital their role is from risk mitigation to ROI – as they tackle the combined challenges of supply chain hacks, ransomware, WFH, the rollout of 5G, and more.

The impact of supply chain hacks

Capping off the end of the year (and what a year!), CISOs enter 2021 trying to make sense of the SolarWinds hack and how it could impact their own organization. As CNET explained, "It's a big coup for hackers to pull off a supply-chain attack, because it packages their malware inside a trusted piece of software." Government agencies are the first targets we know about, but it appears dozens of other companies have been impacted. Those affected will spend the next several weeks and months figuring out how someone could go undetected for nearly a year in their system, and sorting out the damage.

Ransomware

Ransomware will continue to cause problems in 2021 and CISOs can expect to see threat actors becoming more creative with their attacks. Ransomware-as-a-Service is a quick and easy way for hackers to make a few bucks: an RaaS builder costs about $40 and there are videos available on social media showing how to develop attacks.

Nation-states are also deploying ransomware attacks, going after critical infrastructure with multi-staged attacks. They begin with a brute force attack to gain the admin password and then create a backdoor to enter the network.
Once inside, malware is deployed to find the endpoints, and once that is completed, ransomware is launched. 2020 saw a number of organizations, including some prominent healthcare facilities, fall victim to these attacks, and 2021 will likely trend increasingly in the wrong direction.

The remote workforce

Workers aren't going to be returning to the office in 2021. Work from home is going to be in place until there is a full vaccine rollout, and maybe even longer. That means whatever cybersecurity systems are incorporated now are going to have to stay in effect or be modified for workers who are in a hybrid model of home/office work weeks. Cybercriminals know this, so they will target remote workers with phishing and other targeted attacks. CISOs can expect to see phishing campaigns around the COVID-19 vaccines, with likely "offers" on how to get ahead of your neighbor on the vaccine waitlist.

Phishing won't be the only problem. Remote workers will continue to use BYOD, including new devices received as holiday gifts, that could cause problems for network security. If companies haven't already developed a plan to monitor BYOD during remote work, CISOs might want to add this to their plans for 2021.

Threats coming from inside the house

The threats coming from inside the house discussed here aren't threats from employees or vendors, but threats from inside the actual home of a company's workforce. Employees aren't the only ones using the house's WiFi, and CISOs need to take into account the behavior of everyone within a household when thinking about corporate cybersecurity.

After the holidays, families were busy setting up their new doorbell cameras and cloud-based voice services like Alexa, and all of these IoT devices add extra risks. Or maybe the kids got the newest gaming systems from Microsoft or Sony, or subscriptions to their favorite online game.
In December, it was discovered that the Steam gaming client, which hosts some of the most popular games like Dota, had serious vulnerabilities that would allow a hacker to take over any computer connected to the game client.

Remote access and stolen credentials

The need for remote access could lead to a rise in stolen credentials. If an adversary is able to get your employee's credentials (potentially through the first three threat trends mentioned above), then the adversary has access to everything the employee does. CISOs can't depend on VPNs to keep network access safe, either.

Take last summer's Twitter hack as an example. The teenage hacker was able to steal VPN credentials from a Twitter employee and used that information to access the credentials of the Twitter accounts belonging to some of the world's most famous people to scam their followers into a "get rich quick" proposition. The hacker got more than $100,000 from the scam, and Twitter showed how easy it is to access its network with one person's credentials.

Security surrounding "work anywhere" productivity

Organizations making the transition from on-premise networks to cloud networks made remote work possible and allowed workers to keep up productivity. Keeping the cloud secure, however, will be the challenge for CISOs. Security teams will need to take a closer look at identity and access management systems to prevent credential theft, improve monitoring within the cloud environment, and protect proprietary and sensitive data in the cloud.

The 5G rollout

Will 2021 be the year that 5G really makes an impact? Possibly, but CISOs and their security teams need to prepare for 5G security challenges regardless.
We don't know yet how companies or threat actors will leverage 5G, but we do know, with the benefits of faster connections and lower latency, there are going to be more devices able to use 5G's capabilities at one time. Organizations will need to be ready to protect the increasing number of these new endpoints, especially if they are continuing to manage the security of a remote workforce.

Much of 2021's security will have to revolve around an anticipated largely remote workforce, but many of these security concerns, like ransomware, stolen credentials, and cloud threats, will remain long-term issues. The more CISOs and their teams can mitigate the risks surrounding these threat points, the more business operations can run without disruption, helping once again prove the ROI value of the security team to leadership.