Information Technology Security & Risk Management

Savvy enterprise security and risk management leaders will continue to protect their organizations against new and emerging threats in 2022 and beyond, according to the latest global market study findings by Gartner.

"Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities," said Peter Firstbrook, vice president at Gartner.

The pandemic accelerated remote work adoption, challenging the Chief Information Security Officer (CISO) to secure the distributed workforce -- while dealing with a shortage of skilled IT security staff.

These big challenges create three overarching trends impacting cybersecurity practices: new responses to sophisticated threats; the evolution and reframing of an IT security practice; and rethinking business technology protection.

IT Security and Risk Apps Market Development

According to the Gartner assessment, the following IT security and risk-related issues will have a significant impact across those three domains. Digital transformation projects will likely drive change.

Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and the Internet of Things (IoT), open-source code, cloud computing applications, and complex digital supply chains have exposed surfaces outside of IT-controllable assets.

As a result, organizations must now look beyond traditional approaches to security monitoring, detection, and response to manage a wider set of IT security exposures.

Digital risk protection services (DRPS), external attack surface management (EASM) technologies, and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps.

Global cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge.

In fact, Gartner predicts that by 2025, 45 percent of organizations worldwide will have experienced attacks on their software supply chains -- that's a three-fold increase from 2021.

Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor or partner segmentation and scoring, requests for evidence of security controls and best practices, a shift to resilience-based thinking, and efforts to get ahead of forthcoming government regulations.

Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Gartner introduced the term “identity threat detection and response” (ITDR) to describe the collection of tools and best practices to defend identity systems.

"Organizations have spent considerable effort improving IAM capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," said Firstbrook.

Gartner's analysts believe that ITDR tools can help protect identity systems, detect when they are compromised, and enable efficient remediation of ongoing security threats.

Meanwhile, enterprise cybersecurity needs and expectations are maturing, and senior executives now require more agile security amidst an expanding IT infrastructure attack surface.

Thus, the scope, scale, and complexity of digital business make it necessary to distribute cybersecurity decisions, responsibility, and accountability across organizational units and away from a centralized function.

"The CISO role has moved from a technical subject matter expert to that of an executive risk manager," said Firstbrook.

By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations. CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs, and other senior business leaders to make their own informed risk decisions.

Human error continues to be a factor in many data breaches, demonstrating that traditional approaches to "security awareness" training are ineffective. Progressive organizations are investing in holistic security behavior and culture programs (SBCPs), rather than outdated compliance-centric security awareness campaigns.

An SBCP focuses on fostering new ways of thinking and embedding new employee behaviors with the intent to provoke more secure ways of working across the typical enterprise organization.

Furthermore, security technology convergence is accelerating, driven by the need to reduce complexity, reduce administration overhead and increase the effectiveness of IT defense methodologies.

New platform approaches such as extended detection and response (XDR), security service edge (SSE), and cloud-native application protection platforms (CNAPP) are accelerating the benefits of converged solutions.

For example, Gartner predicts that by 2024, 30 percent of enterprises will adopt cloud-delivered secure web gateway (SWG), cloud access security broker (CASB), zero-trust network access (ZTNA), and branch office firewall as a service (FWaaS) capabilities from the same vendor.

It's predicted that the consolidation of IT security functions will lower the total cost of ownership and improve operational efficiency in the long term, leading to better overall security outcomes.

The security product consolidation trend is driving the integration of security architecture components. However, there is still a need to define consistent security policies, enable workflows, and exchange data between consolidated solutions.

A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers, or within the public cloud.

Outlook for IT Security and Risk Applications Growth

"Gartner's top cybersecurity trends don't exist in isolation; they build on and reinforce one another," concludes Firstbrook. "Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations."

That said, I anticipate large enterprise demand for qualified IT security practitioners will continue to rise. That growth trend will increase the rate of IT staff training and certification, in order to upskill more members of the IT infrastructure and operations team.

Besides, I predict that access to IT cybersecurity professional services will be a requirement for all IT vendors that are trusted advisors to their enterprise customers. This skill set is essential for CIOs and CHROs that need qualified and experienced guidance for their secure remote working enablement process.
