Security and risk management leaders must evolve their strategies to protect their organization’s expanding digital footprint against new and emerging threats in 2022 and beyond, according to Gartner.
The research firm has identified seven security and risk management trends leaders should know:
Trend #1: Attack Surface Expansion
Enterprise attack surfaces are expanding, and so are the risks associated with the use of cyber-physical systems (e.g. biometrics), the Internet of Things, open source code, cloud applications, complex digital supply chains, social media and many more. Together they have pushed organizations' exposed services outside the set of assets they can directly control, according to Gartner. Organizations must look beyond traditional approaches to security monitoring, detection and response to manage this wider set of security exposures.
Trend #2: Digital supply chain risk
As if Log4j wasn’t enough for the supply chain, more threats are expected to emerge. Gartner predicts by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a threefold increase from 2021.
Trend #3: Identity threat detection and response
Threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse has become a primary attack vector.
“Organizations have spent considerable effort improving IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure,” said Peter Firstbrook, research vice president at Gartner, in a statement. “ITDR tools can help protect identity systems, detect when they are compromised and enable efficient remediation.”
Trend #4: Distributing decisions
Enterprise security and risk management needs and expectations are maturing, and executives require more agile security amid an expanding attack surface. The scale and complexity of digital business make it necessary to distribute cybersecurity decisions, responsibility and accountability across the organization and away from a centralized function.
“By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs and other business leaders to make their own informed risk decisions,” said Firstbrook.
Trend #5: Beyond Awareness
Gartner’s report highlights how human error continues to be a factor in many data breaches, demonstrating that the traditional approach to security awareness training is ineffective.
The new trend is for organizations to invest in holistic security behavior and culture programs (SBCPs), rather than outdated compliance-centric security awareness campaigns.
SBCPs focus on fostering new ways of thinking and embedding new behavior, with the intent of provoking more secure ways of working across the organization, according to Gartner.
Trend #6: Vendor Consolidation
Security technology convergence is accelerating new security and risk management approaches such as extended detection and response, security service edge and cloud-native application protection.
Gartner predicts that by 2024, 30% of enterprises will adopt cloud-delivered secure web gateway, cloud access security broker, zero trust network access and branch office firewall-as-a-service capabilities from the same vendor.
Consolidation of security functions will lower total cost of ownership and improve operational efficiency in the long term, leading to better overall security, according to Gartner.
Trend #7: Cybersecurity Mesh
Security product consolidation is driving integration of security architecture components, but there is still a need to define consistent security policies, enable workflows and exchange data between consolidated solutions. A cybersecurity mesh architecture helps provide a common, integrated security structure and posture to secure all assets, whether they are on-premises, in data centers or in the cloud.