Gartner reveals 7 security trends
Consulting firm exposes current cyber threats
Expansion of the attack surface, digital supply chain risk, and identity threat detection are among the predominant trends in the area of security and risk management that enterprises should address this year, according to Gartner, a global technology research and consulting firm.
“Organizations around the world are grappling with sophisticated ransomware, digital supply chain attacks and deep-seated vulnerabilities,” said Peter Firstbrook, research vice president at Gartner.
The pandemic has accelerated hybrid working and the shift to the cloud, challenging chief information security officers (CISOs) to secure an increasingly distributed enterprise while facing a shortage of trained security staff, he said.
Security and risk management teams need to consider seven trends to deal with emerging threats, said Mr. Firstbrook.
The first concerns enterprise attack surfaces that are expanding. Risks related to the use of cyber-physical systems and the Internet of Things, open source code, cloud applications, complex digital supply chains, and social networks have now pushed the exposed surfaces of organizations outside of controllable assets.
He said digital risk protection services, external attack surface management technologies, and cyber asset attack surface management will help CISOs visualize internal and external business systems, automating the discovery of security coverage gaps.
The second trend involves digital supply chain risk, as cybercriminals have found that digital supply chain attacks can provide a high return on investment.
As vulnerabilities spread through supply chains, more threats are expected to emerge, Firstbrook said.
By 2025, Gartner predicts that 45% of organizations worldwide will have experienced attacks on their software supply chain, a threefold increase from 2021, it said.
The third trend involves identity threat detection and response, where sophisticated threat actors target identity and access management (IAM) infrastructure, while credential misuse is a primary attack vector, Firstbrook said.
“Organizations have put considerable effort into improving IAM capabilities, but much of it has focused on technology to improve user authentication, which actually increases the attack surface for a critical part of the cybersecurity infrastructure,” he said.
The fourth trend is the distribution of decisions. The scope, scale, and complexity of digital business now make it necessary to distribute cybersecurity decisions, responsibility, and accountability across units of an organization.
The fifth trend involves the need to invest in holistic security behavior and culture programs, rather than outdated compliance-focused security awareness campaigns, as a way to protect against the problem of data breaches.
The sixth trend is security technology convergence because companies will need to reduce complexity, minimize administrative overhead and increase efficiency, Mr. Firstbrook said.
Gartner predicts that by 2024, about 30% of enterprises will adopt cloud-delivered secure web gateway, cloud access security broker, zero-trust network access, and firewall-as-a-service capabilities for branch offices from the same provider.
The seventh and final trend involves the cybersecurity mesh. He said that the security product consolidation trend is driving the integration of security architecture components.
A cybersecurity mesh architecture helps provide a common, integrated security framework and posture to protect all assets.