Gartner Identifies the Top Six Security and Risk Management Trends

Gartner Identifies the Top Six Security and Risk Management Trends

Gartner Identifies the Top Six Security and Risk Management Trends

Analysts Will Explore the Trends Security Leaders Face During the Gartner Security & Risk Management Summit, 10-11 September 2018, London, UK

Egham UK, 3rd July, 2018 — Business leaders are becoming increasingly conscious of the impact cybersecurity can have on business outcomes. Gartner, Inc. said that security leaders should harness this increased support and take advantage of six emerging trends, to improve their organisation’s resilience while elevating their own standing.

Trend No. 1: Senior Business Executives Are Finally Becoming Aware That Cybersecurity Has a Significant Impact on the Ability to Achieve Business Goals and Protect Corporate Reputation

IT security is a board-level topic and an essential part of any solid digital business strategy. Business leaders have not always been receptive to this message, but a recent string of high-profile incidents have changed sentiment.

Prominent examples include an Equifax data breach that cost the CEO, CIO and CSO their jobs; a WannaCry attack that caused worldwide damage estimated at between $1.5 to $4.0 billion, and Verizon’s recent $350 million discount on its purchase of Yahoo! as a result of the latter’s data breach.

“Business leaders and senior stakeholders at last appreciate security as much more than just tactical, technical stuff done by overly serious, unsmiling types in the company basement,” said Peter Firstbrook, research vice president at Gartner. “Security organisations must capitalise on this trend by working closer with business leadership and clearly linking security issues with business initiatives that could be affected.”

Trend No. 2: Legal and Regulatory Mandates on Data Protection Practices Are Impacting Digital Business Plans and Demanding Increased Emphasis on Data Liabilities

Customer data is the lifeblood of ever-expanding digital business services. Incidents such as the recent Cambridge Analytica scandal or the Equifax breach illustrate the extreme business risks inherent to handling this data. Moreover, the regulatory and legal environment is getting ever more complex, with Europe’s GDPR the latest example. At the same time, the potential penalties for failing to protect data properly have increased exponentially.

In the US, the number of organisations that suffered data breaches due to hacking increased from under 100 in 2008 to over 600 in 2016.

“It’s no surprise that, as the value of data has increased, the number of breaches has risen too,” said Mr Firstbrook. “In this new reality, full data management programmes — not just compliance — are essential, as is fully understanding the potential liabilities involved in handling data.”

Trend No. 3: Security Products Are Rapidly Exploiting Cloud Delivery to Provide More-Agile Solutions

New detections technologies, activities and authentication models require vast amounts of data that can quickly overwhelm current on-premises security solutions. This is driving a rapid shift toward cloud-delivered security products. These are more capable of using the data in near real time to provide more-agile and adaptive solutions.

“Avoid making outdated investment decisions,” advised Mr Firstbrook. “Seek out providers that propose cloud-first services, that have solid data management and machine learning (ML) competency, and that can protect your data at least as well as you can.”

Trend No. 4: Machine Learning Is Providing Value in Simple Tasks and Elevating Suspicious Events for Human Analysis.

The shift to the cloud creates opportunities to exploit ML to solve multiple security issues, such as adaptive authentication, insider threats, malware and advanced attackers. Gartner predicts that by 2025, ML will be a normal part of security solutions and will offset ever-increasing skills and staffing shortages. But not all ML is of equal value.

“Look at how ML can address narrow and well-defined problem sets, such as classifying executable files, and be careful not to be suckered by hype,” said Mr Firstbrook. “Unless a vendor can explain in clear terms how its ML implementation enables its product to outperform competitors or previous approaches, it’s very difficult to unpack marketing from good ML.”

Trend No. 5: Security Buying Decisions Are Increasingly Based on Geopolitical Factors Along With Traditional Buying Considerations

Increased levels of cyber warfare, cyber political interference, and government demands for backdoor access to software and services have resulted in new geopolitical risks in software and infrastructure buying decisions. Recent government bans against Russian and Chinese firms are obvious examples of this trend.

“It’s vital to account for the geopolitical considerations of partners, suppliers and jurisdictions that are vital to your organisation,” said Mr Firstbrook. “Include supply chain source questions in RFIs, RFPs and contracts.”

Trend No. 6: Dangerous Concentrations of Digital Power Are Driving Decentralisation Efforts at Several Levels in the Ecosystem. The internet is driving a wave of centralisation, one obvious example of which is cloud computing. While there are many benefits (some outlined above), a good security team should be accounting for the risks too.

“Evaluate the security implications of centralisation on the availability, confidentiality and resiliency of digital business plans,” said Mr Firstbrook. “Then, if the risks of centralisation could seriously threaten organisational goals, explore an alternative, decentralised architecture.”

The Gartner Security & Risk Management Summits offer the latest research and to help organisations transform their security strategy and build resilience across the organisation. This year’s events deliver leading-edge thinking on emerging technologies such as AI, ML, analytics, IoT and Blockchain, evolving security technologies and the ever-changing threat landscape.

Upcoming dates and locations for the Gartner Security & Risk Management Summit include:

24-26 July, 2018, Tokyo
14-15 August, Sao Paulo
20-21 August, Sydney
30-31 August, Mumbai
10-11 September, London
22-23 October, Dubai

Follow news and updates from the events on social media at #GartnerSEC.

About Gartner
Gartner, Inc. (NYSE: IT), is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities and build the successful organisations of  data-tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We’re trusted as an objective resource and critical partner by more than 15,000 organisations in more than 100 countries — across all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of business, visit www.gartner.com.