Information Technology Security & Risk Management

Savvy enterprise security and risk management leaders will continue to protect their organizations against new and emerging threats in 2022 and beyond, according to the latest global market study findings by Gartner.

"Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities," said Peter Firstbrook, vice president at Gartner.

The pandemic accelerated remote work adoption, challenging the Chief Information Security Officer (CISO) to secure the distributed workforce -- while dealing with a shortage of skilled IT security staff.

These big challenges create three overarching trends impacting cybersecurity practices: new responses to sophisticated threats; the evolution and reframing of an IT security practice; and rethinking business technology protection.

IT Security and Risk Apps Market Development

According to the Gartner assessment, the following IT security and risk-related issues will have a significant impact across those three domains. Digital transformation projects will likely drive change.

Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and the Internet of Things (IoT), open-source code, cloud computing applications, and complex digital supply chains have exposed attack surfaces outside of IT-controllable assets.

As a result, organizations must now look beyond traditional approaches to security monitoring, detection, and response to manage a wider set of IT security exposures.

Digital risk protection services (DRPS), external attack surface management (EASM) technologies, and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps.

Global cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities such as the one in Log4j spread through the supply chain, more threats are expected to emerge.

In fact, Gartner predicts that by 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chains -- that's a three-fold increase from 2021.

Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor or partner segmentation and scoring, requests for evidence of security controls and best practices, a shift to resilience-based thinking, and efforts to get ahead of forthcoming government regulations.

Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Gartner introduced the term “identity threat detection and response” (ITDR) to describe the collection of tools and best practices to defend identity systems.

"Organizations have spent considerable effort improving IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," said Firstbrook.

Gartner's analysts believe that ITDR tools can help protect identity systems, detect when they are compromised, and enable efficient remediation of ongoing security threats.

Meanwhile, enterprise cybersecurity needs and expectations are maturing, and senior executives now require more agile security amidst an expanding IT infrastructure attack surface.

Thus, the scope, scale, and complexity of digital business make it necessary to distribute cybersecurity decisions, responsibility, and accountability across organizational units and away from a centralized function.

"The CISO role has moved from a technical subject matter expert to that of an executive risk manager," said Firstbrook.

By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs, and other senior business leaders to make their own informed risk decisions.

Human error continues to be a factor in many data breaches, demonstrating that traditional approaches to "security awareness" training are ineffective. Progressive organizations are investing in holistic security behavior and culture programs (SBCPs), rather than outdated compliance-centric security awareness campaigns.

An SBCP focuses on fostering new ways of thinking and embedding new employee behaviors with the intent to provoke more secure ways of working across the typical enterprise organization.

Furthermore, security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase the effectiveness of IT defense methodologies.

New platform approaches such as extended detection and response (XDR), security service edge (SSE), and cloud-native application protection platforms (CNAPP) are accelerating the benefits of converged solutions.

For example, Gartner predicts that by 2024, 30 percent of enterprises will adopt cloud-delivered secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and branch office firewall as a service (FWaaS) capabilities from the same vendor.

It's predicted that the consolidation of IT security functions will lower the total cost of ownership and improve operational efficiency in the long term, leading to better overall security outcomes.

The security product consolidation trend is driving the integration of security architecture components. However, there is still a need to define consistent security policies, enable workflows, and exchange data between consolidated solutions.

A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers, or within the public cloud.

Outlook for IT Security and Risk Applications Growth

"Gartner's top cybersecurity trends don't exist in isolation; they build on and reinforce one another," concludes Firstbrook. "Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations."

That said, I anticipate large enterprise demand for qualified IT security practitioners will continue to rise. That growth trend will increase the rate of IT staff training and certification, in order to upskill more members of the IT infrastructure and operations team.

Besides, I predict that access to IT cybersecurity professional services will be a requirement for all IT vendors that are trusted advisors to their enterprise customers. This skill set is essential for CIOs and CHROs that need qualified and experienced guidance for their secure remote working enablement process.
