Axio’s Cybersecurity Hall of Fame Awards: 2021

With a near incessant flow of high-profile cyber-attacks, 2021 was a significantly active year for cybercriminals. Merging into 2022, we looked back at the most significant cybersecurity themes that we at Axio have covered throughout the year. In our review, five major themes emerged, and we decided it would be fitting to enter 2022 with a compilation of the “greatest hits” in cybersecurity throughout the past year. 

MVP Award: Ransomware 

Ransomware is not a novel cyber threat, but it has earned its place as “MVP” by becoming a household name in 2021. Ransomware remained at the top of every CISO’s list of concerns. Ransomware crimes made consistent headlines throughout the year with the Colonial Pipeline attack and many others. It was the driving force behind the US Cybersecurity & Infrastructure Security Agency’s policymaking, and even played a role in the United States’ cream cheese shortage over the holidays. 

1. Forget Holiday Cheer; the Cream Cheese Shortage is Here
2. CISA Says:  Ransomware is Here to Stay! 4 Easy Steps Hackers Don’t Want You to Know 
3. Is Ransomware Resilience Actually Possible?
4. What if a Colonial-type Event Happened to Us? 

(The widespread Log4J vulnerability is a late entry for MVP but deserves an honorable mention. We are far from understanding the extent of the damage it has done and will continue to do. Log4J has a considerable head start towards earning “MVP” in 2022. Check out our coverage on it here and here.)  

Rookie of the Year Award: Critical Infrastructure and Supply Chain  

Like ransomware, critical infrastructure and supply chain attacks have been around for a while, but their performance in late 2020 through 2021 moved them up to the major leagues. Critical infrastructure is a tasty target to cybercriminals. With the JBS and Colonial Pipeline breaches, we learned just how disruptive these attacks could be, and we also gathered some key takeaways from the failed supply chain attack on the Port of Houston.   

1. Never Gonna Give You Up:  Staying on top of IoT Security Risks 
2. Prepare Yourself for a Cyber-physical Attack 
3. Port of Houston Prevents Data Breach:  A Success Story Highlighting the Importance of Privileged Account Management (PAM) Controls 
4. Cyber Attack Strikes US Critical Infrastructure  
5. The Importance of Protecting the Electric Industry 

Most Improved Player Award:  C-Suite and Board of Directors 

While there is still much room for improvement, 2021 was the year of reckoning for many business leaders. The prevalent ransomware and supply chain attacks, among others, served as a wake-up call for these C-Suite executives and Board members; many have begun working more closely with their CISOs to execute a duty of care when it comes to their cybersecurity spending strategies.  

1. What Did Your Board Know and When Did They Know it? 
2. CISOs:  Top 7 Reasons Why Your CEO Wants to Break Up with You 
3. Time is Not on Your Side:  Why Every CISO Needs a Cyber Risk Quantification Strategy Before It’s Too Late 
4. 5 Important Things Board Members Should Know About Ransomware Risk 

Best Defensive Player Award: Risk-based Cybersecurity Approach 

The National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), and other risk-based cybersecurity strategies, provide the most effective and accessible guidelines for implementing cybersecurity programs. It is useful for businesses at all cybersecurity maturity levels as it focuses on an ongoing, continuous approach to security. Established frameworks such as the NIST CSF should work hand in hand with compliance mandates and requirements.

1. Why NIST CSF Helps Hospitals and Healthcare Systems in the Face of Growing Cyber Attacks 
2. Compliance is Not Security! How You Can Transform a Compliance-driven Security Culture into a Risk-Based Security Culture 
3. Getting Started with the NIST Cybersecurity Framework
4. C2M2 V2.0 is here 
5. How to Navigate the Cybersecurity Framework Landscape 

We also had a banner year here at Axio, empowering organizations to solve their unique cyber risk challenges. We’re changing how leaders think about cyber security. Throughout 2021 we have worked with customers to create uniquely tailored cyber security strategies through continuous cyber risk assessments. We help business leaders translate cyber risk into dollars and cents, enabling strategic and quantifiable business decisions, and we look forward to continuing this mission in 2022. 

1. Axio in Gartner Hype Cycle for Cyber and IT Risk Management 2021 
2. 5 Takeaways From our Webinar on Cyber Risk with former BP CEO Bob Dudley 
3. 5 Reasons You Can’t Miss the Recorded Discussion on Cyber Risk with Former BP CEO Bob Dudley 
4. Why I Joined Axio – Bob Dudley 
5. Customer Success Story:  Riverstone Holdings