The COVID pandemic has been hard on security teams in 2020. Ransomware attacks increased. Remote work disrupted and weakened security processes. CISOs were forced to adjust their short- and long-term plans. 2021 will be better, right?

Well, it will be different, and some things are likely to become worse. CSO has been following four key trends to project how they might play out in 2021. All have been driven or influenced by the pandemic, which will have a long-lasting impact on the threat landscape and on how security teams protect people and assets.

1. Ransomware: Bigger, meaner, smarter

Cybercriminals are opportunists. The pandemic made organizations more vulnerable as they scrambled to cope with the fallout. That made 2020 a boom year for ransomware attacks, mostly in terms of increased volume. Cyberinsurance provider Coalition reports that ransomware accounted for 41% of all cyberinsurance claims filed in the first half of 2020.

Businesses, schools, and healthcare organizations struggling to cope with the pandemic could ill afford to have their systems off-line due to a ransomware attack, and attackers know they are consequently more likely to pay. According to the 2020 Crowdstrike Global Security Attitude Survey conducted in August and September, 27% of ransomware victims paid a ransom fee in the previous 12 months, paying on average $1.1 million.

Attackers have shifted tactics recently to raise the stakes for their victims. They've improved the implementation of their encryption schemes, making them harder to crack. Rather than simply encrypt critical data, some criminals now steal sensitive data and threaten to release it if the ransom is not paid. The FIN11 group, for example, had until recently focused on extorting money from financial, retail, and restaurant businesses. Last year, they shifted their focus to ransomware and set up a website where they release data stolen from companies that refuse to pay the ransom demand.

Cloudflare reported that some groups, including Fancy Bear, Cozy Bear and Lazarus, are now conducting ransom-based distributed denial-of-service (DDoS) attacks. The attackers threaten to disrupt a targeted victim's network with a DDoS attack if a ransom is not paid, sometimes in sync with a "teaser" attack that causes minor disruption.

Increasing pressure to submit to extortion, targeting of the most vulnerable victims, and tactics that make it more difficult to recover encrypted data will keep ransomware the most profitable "line of business" for cybercriminals in 2021 and the single biggest threat for all organizations. That makes it critical for CISOs to ensure they follow best practices for mitigating ransomware risk in the coming year.

2. The expanding role of the CISO

Just as cybercriminals see opportunity in disruption, CISOs have an opportunity to play a bigger role at the executive level. COVID has raised the profile of security. A greater attack volume, especially for ransomware, has caught the attention of CEOs, CFOs and boards of directors, and they are looking to CISOs to respond. The pandemic-inspired rush to digitally transform organizations could raise their risk, and CISOs need to be part of that process. The sudden need to safely support scores of remote workers has raised concerns over the vulnerability of systems and data.

The most successful CISOs have always viewed the security function in a business context. With the added attention they now have, that's even more important. So is building confidence in their ability to execute and manage the complex operational changes that the pandemic has forced.

At the recent CSO50 conference, McDonald's corporate vice president and global CISO Tim Youngblood spoke about what a CISO needs to do now to be successful. It starts with being good at the technical aspects of the job, but Youngblood emphasized the need for operational excellence, which he called the ticket that allows CISOs to do other things.

He cited managing identity as an example. "That is the way you connect to every asset in the company," he said. "At the end of the day, although a big part of identity is protecting things, we're also enabling just about everything in the environment. That's where that operational excellence becomes so important. If they don't trust you with the operations, they won't trust you with anything else."

Youngblood also advised security leaders to partner with the business side. "We have gotten a seat at the table. We're frequently asked to speak with the board of directors. Now that we have a seat at the table, we have to show our value." That means going beyond talking about threats and mitigations and explaining how security enables the business as a partner. "If you partner and you're all bought in, your success is their success," he said.

Successful partnering requires good communication. Greg Wood, senior vice president for information security and risk management at the Walt Disney Company, spoke at the CSO50 conference about how CISOs should talk about security going into 2021. "CISOs need to be able to speak about cybersecurity matters at different altitudes, and they need to know what altitude they are at." While CISOs must be able to show technical knowledge when speaking with technically savvy colleagues to have "street credibility," he said, CISOs need to communicate in "the language, the focus, the perspective" of each partner in the business.

"We're being pulled more quickly into business strategy meetings," Wood said, "where they used to be technology strategy meetings. It's a sign of maturity in the organization and in the discipline itself when you're called in not because the CIO wants you there, but when the CFO wants you there."

Not just the pandemic is reshaping the role of CISO. New privacy and security regulations are also having an effect. "Our jobs have fundamentally changed," said Roland Cloutier, CSO at TikTok, at the CSO50 conference. "Our services need to morph, especially around how we protect data. How do you drive data defense programs that are cross-pollinated with other specialties in the organization around privacy, IT, data management, data governance. This is so far beyond cyber defensive operations. We're really talking about controls, assurance, and monitoring at a data level and how you integrate that into your security platform."

The key for CISOs to navigate these new regulatory demands is to have a good relationship with their organization's general counsel and privacy groups, said Cloutier. "We need a clear understanding of our business and what we deliver and where we deliver it. Once you understand your operating parameters…and you have that great relationship, you're in a really good position to start building out the services you need to provide."

3. Organizations reassess security strategies and tech stacks

How do you protect all your endpoints if they can be anywhere and perhaps on devices you don't control? Is your organization prepared for the increasing sophistication and professionalism of organized cybercriminals? Can your security infrastructure and staff pivot and adapt to rapid changes?

Many, if not most, of the newly remote endpoints that security teams suddenly had to protect in COVID's work-from-home shift will become permanent. Skybox's Cybersecurity in the New Normal survey shows that 70% of organizations expect at least a third of their remote workers will remain so in 18 months. Security measures taken on the assumption that the move would be temporary must be reconsidered.

The pandemic has also spurred companies to start or accelerate digital transformation projects, which most significantly means moving more systems to the cloud. That, too, requires a rethinking of security strategy and infrastructure.

Security leaders are becoming more concerned about direct and indirect threats posed by nation-states and their proxies. Eighty-seven percent of respondents to the Crowdstrike survey said that nation-state sponsored attacks are more common than most people believe, and 73% said such attacks pose the single biggest threat to organizations like theirs in 2021. Not surprisingly during a pandemic, biotech and pharmaceutical organizations say they are at the highest risk (82%). That doesn't account for the indirect nation-state threats posed by their proxies acting on their own, or for the increased availability of nation-state tactics, techniques and procedures (TTPs) to criminal groups.

To cope with these permanent changes and enhanced threats, companies are looking at several technologies to pilot or implement in 2021, according to IDG's Security Priorities Study. Respondents say they will either evaluate or invest in these technologies for 2021:

Zero trust (40%)
Deception technology (32%)
Authentication solutions (32%)
Access controls (27%)
Application monitoring (25%)
Cloud-based security services (22%)

4. Security talent acquisition: Demand goes up

As security leaders adapt to the long-term changes brought on by the pandemic, many will likely want to add staff or change the make-up of their security teams. That's difficult in the best of times, but with everyone reassessing staffing needs, hiring security talent is bound to get tougher in 2021.

The security function has mostly been spared from pandemic-related layoffs: only 24% of respondents to the Crowdstrike survey said they lost staff due to COVID, and 35% have put security hiring freezes into effect. So, don't expect a big influx of talent on the market in 2021 due to staff cuts. Demand for talent seems to have grown, too. CyberSeek, which supplies data on the cybersecurity job market, shows about 525,000 open security jobs in the US at this writing, compared to 390,000 before the pandemic began. What's worse, Emsi Research reported in July that there were fewer than 200,000 qualified candidates for those jobs.

One option is to consider remote security workers. Many organizations have resisted hiring remote security professionals, but the pandemic has proved to many that not all security talent needs to be on premises. This frees businesses to expand their searches for hard-to-find talent to different geographic regions.

Emsi Research's report offered a couple of recommendations to fill open security positions. The first is to train non-security people, what it calls a "build, don't buy" approach. IT, finance, and business operations staff are among the most viable employees for retraining and have the highest rate of transitioning to cybersecurity, according to the report. Each has domain knowledge, such as networking systems, financial transactions, and business processes, that would enhance any security skills they learn.

The other recommendation is for employers, educational institutions, and local workforce development programs to collaborate. By identifying specific security needs, they can develop talent together at a local level. For example, they can make it easier for job seekers to pursue security roles by communicating the value of security certifications and reducing their cost.