According to Gartner, the shift to remote work and cloud computing services has made it more difficult to protect businesses from attacks, especially in the face of an ongoing shortage of qualified security personnel. But that’s just part of the change the tech analyst firm envisions in the security landscape.
“Organizations around the world are grappling with sophisticated ransomware, digital supply chain attacks and deep-seated vulnerabilities,” said Peter Firstbrook, research vice president at Gartner. The analyst firm said what new challenges they can be divided into three main groups: new responses to sophisticated threats; the evolution of security practices; and rethink technology.
Attack Surface Expansion
In particular, Gartner warned that enterprise attack surfaces, the sum of the systems and access points that organizations need to defend, are expanding. It points to the risks associated with the Internet of Things, open source code, cloud applications, and complex software supply chains, warning that these have “driven the exposed surfaces of organizations outside of a controllable set of assets.” “. Organizations must look beyond traditional security monitoring, detection and response approaches to manage a broader set of security exposures, Gartner said.
Digital supply chain risk
Software supply chain attacks are difficult to detect because companies often have few ways to verify software updates and must trust them. Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains.
“Digital supply chain risks call for new mitigation approaches involving more deliberate risk-based supplier/partner segmentation and qualification, requests for evidence of security controls and secure best practices, a shift to intelligence-based thinking.” resilience and efforts to get ahead of upcoming regulations,” the analyst noted.
Identity threat detection and response
Sophisticated threat actors are actively targeting identity and access management infrastructure, and credential misuse is now a primary attack vector. That’s why businesses are regularly urged to upgrade to multi-factor authentication, which makes it harder to use stolen or forged usernames and passwords. But Gartner warns that companies still need to do more to protect identity systems to detect when they are compromised and enable efficient remediation.
ZDNET SPECIAL FEATURE: SECURING THE CLOUD
Distribute security decision making
Enterprise cybersecurity needs and expectations are maturing, and that means the chief information security officer can’t do it all. Instead, cybersecurity decisions will need to be shared more broadly. Gartner predicts that at least 50% of C-level executives will have cybersecurity risk-related performance requirements built into their employment contracts by 2026, while a single centralized cybersecurity function will not be agile enough to meet the needs of digital organizations.
Analysts also said that because human error continues to be a factor in many data breaches, it shows that traditional security awareness training approaches are ineffective; organizations need to go ‘beyond awareness‘ to invest in broader safety culture and conduct programmes. Organizations must also be aware of ongoing security supplier consolidation and the emergence of new concepts such as cybersecurity mesh architecturethat helps companies create an integrated security structure and posture to protect all assets, whether on premises, in data centers or in the cloud.