
Information Technology Security & Risk Management

Savvy enterprise security and risk management leaders will continue to protect their organizations against new and emerging threats in 2022 and beyond, according to the latest global market study findings by Gartner.

"Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities," said Peter Firstbrook, vice president at Gartner.

The pandemic accelerated remote work adoption, challenging the Chief Information Security Officer (CISO) to secure the distributed workforce -- while dealing with a shortage of skilled IT security staff.

These big challenges create three overarching trends impacting cybersecurity practices: new responses to sophisticated threats; the evolution and reframing of an IT security practice; and rethinking business technology protection.

IT Security and Risk Apps Market Development

According to the Gartner assessment, the following IT security and risk-related issues will have a significant impact across those three domains. Digital transformation projects will likely drive change.

Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and the Internet of Things (IoT), open-source code, cloud computing applications, and complex digital supply chains have exposed surfaces outside of IT-controllable assets.

As a result, organizations must now look beyond traditional approaches to security monitoring, detection, and response to manage a wider set of IT security exposures.

Digital risk protection services (DRPS), external attack surface management (EASM) technologies, and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems and automating the discovery of security coverage gaps.

Global cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge.

In fact, Gartner predicts that by 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chains -- that's a three-fold increase from 2021.

Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor or partner segmentation and scoring, requests for evidence of security controls and best practices, a shift to resilience-based thinking, and efforts to get ahead of forthcoming government regulations.

Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Gartner introduced the term “identity threat detection and response” (ITDR) to describe the collection of tools and best practices to defend identity systems.

"Organizations have spent considerable effort improving IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," said Firstbrook.

Gartner's analysts believe that ITDR tools can help protect identity systems, detect when they are compromised, and enable efficient remediation of ongoing security threats.

Meanwhile, enterprise cybersecurity needs and expectations are maturing, and senior executives now require more agile security amidst an expanding IT infrastructure attack surface.

Thus, the scope, scale, and complexity of digital business make it necessary to distribute cybersecurity decisions, responsibility, and accountability across organizational units and away from a centralized function.

"The CISO role has moved from a technical subject matter expert to that of an executive risk manager," said Firstbrook.

By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs, and other senior business leaders to make their own informed risk decisions.

Human error continues to be a factor in many data breaches, demonstrating that traditional approaches to "security awareness" training are ineffective. Progressive organizations are investing in holistic security behavior and culture programs (SBCPs), rather than outdated compliance-centric security awareness campaigns.

An SBCP focuses on fostering new ways of thinking and embedding new employee behaviors with the intent to provoke more secure ways of working across the typical enterprise organization.

Furthermore, security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase the effectiveness of IT defense methodologies.

New platform approaches such as extended detection and response (XDR), security service edge (SSE), and cloud-native application protection platforms (CNAPP) are accelerating the benefits of converged solutions.

For example, Gartner predicts that by 2024, 30 percent of enterprises will adopt cloud-delivered secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and branch office firewall as a service (FWaaS) capabilities from the same vendor.

It's predicted that the consolidation of IT security functions will lower the total cost of ownership and improve operational efficiency in the long term, leading to better overall security outcomes.

The security product consolidation trend is driving the integration of security architecture components. However, there is still a need to define consistent security policies, enable workflows, and exchange data between consolidated solutions.

A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers, or within the public cloud.

Outlook for IT Security and Risk Applications Growth

"Gartner's top cybersecurity trends don't exist in isolation; they build on and reinforce one another," concludes Firstbrook. "Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations."

That said, I anticipate large enterprise demand for qualified IT security practitioners will continue to rise. That growth trend will increase the rate of IT staff training and certification, in order to upskill more members of the IT infrastructure and operations team.

Besides, I predict that access to IT cybersecurity professional services will be a requirement for all IT vendors that are trusted advisors to their enterprise customers. This skill set is essential for CIOs and CHROs that need qualified and experienced guidance for their secure remote working enablement process.
