Gartner hosted their annual Security and Risk Management Summit where Research Vice President, Peter Firstbrook, presented on Gartner’s 8 critical trends for security and risk-management leaders in his keynote address. As COVID-19 has rapidly accelerated digital business transformation, many cybersecurity challenges have been identified.
Key challenges organizations across the globe are experiencing include the skills gap, complex geopolitical situations, and increasing migrations of workspaces off traditional networks. The following 8 trends are what Gartner has identified to have the most industry impact and potential for disruption.
Cybersecurity Mesh
Cybersecurity mesh is a modern approach that deploys controls where they are most needed. Instead of running security tools in a silo, a cybersecurity mesh allows tools to work in conjunction with each other.
Identity-First Security
As Firstbrook said, “the SolarWinds attack demonstrated that we’re not doing a great job of managing and monitoring identities. While a lot of money has been spent on multifactor authentication, single sign-on and biometric authentication, very little has been spent on effective monitoring of authentication to spot attacks against this infrastructure.” Identity-first security puts identity at the center of security design and demands a shift from traditional thinking.
Security Support for Remote Work is Here to Stay
Remote work is here to stay. A majority of the workforce will continue to work remotely post COVID-19. For most organizations, this requires a shift in traditional security policies and tools that are more suitable to a remote work culture. Security leaders will need to revisit outdated technologies and find services that are more conducive to a remote work environment.
Cyber-Savvy Board of Directors
Cybersecurity is a top priority for organizations of all sizes especially after the dramatic increase of cyberattacks in 2020 due to COVID-19. Gartner predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee.
Security Vendor Consolidation
78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio. In 2021, we will see organizations decreasing their complexity and integrating costs by consolidating vendors over the next three years. Having fewer vendors allows for better configuration and security management.
Privacy-Enhancing Computation
To enable secure data processing, sharing, and analytics, privacy-enhancing computation techniques are emerging that protect data while it is being used as opposed to while it’s at rest or in motion. By the end of 2025, Gartner predicts that 50% of large organizations will adopt privacy-enhancing computation.
Breach and Attack Simulation
With a record number of attacks in 2020, breach and attack simulation (BAS) tools are emerging to provide organizations to more defensive tools against cybercriminals. These BAS tools will help identify gaps and allow IT teams to deploy more effective security measures.
Managing Machine Identities
With an increasing amount of interaction between devices, applications, and cloud services, machine identity management aims to establish and manage trust within these interactions and will become a vital part of the security strategy.
