Key Takeaways from the Gartner Security and Risk Management Summit
I’ve just returned from Gartner’s Security and Risk Management Summit, which is always packed full of thought-provoking predictions on cybersecurity’s future. In this blog post, I’ll highlight the themes that caught my imagination, staying close to the high-level messages Gartner intended for generalists.
I’ll begin with threat intelligence, the largest section of the summit, and go from there. I’ll be covering AI, big data and analytics, chief information security officers (CISOs), business-contextualized controls, internal controls, and much more. Here goes…
1. The Future of Threat Intelligence with AI by John Collins
John Collins described his talk by stating: “Thousands of analysts sit in front of dashboards, hardening networks, and hunting for threats … but is it having any effect … we seek a powerful tool to add an intelligence amplification capability that puts humans in a position to add value, not just crunch data.” His presentation highlighted that AI technologies can potentially bring real advantages to the field of cyber threat intelligence (CTI). A summary of his presentation follows:
- Native CTI AI Augmentation: AI automates large amounts of the CTI lifecycle and can be leveraged from data collection to threat analysis. By the end of 2024, this shift will save at least 25 percent of manual effort.
- Multimodal Artificial Intelligence: Integrating disparate data types (text, video, images, etc.) to provide a single coherent view, turning the world of threatscapes on its head.
- Advance Recommendations: AI-driven risk analysis can provide helpful advance recommendations to enhance informed decision-making in security operations.
Action Items:
- Assess and identify gaps in current CTI programs.
- Partner with security tech providers to beta test CTI AI features.
- Check out related capabilities like Digital Risk Protection Services (DRPS) and External Attack Surface Management (EASM).
2. Centralize or Decentralize: Enabling Risk Decision-Making at the Pace of Business by Oscar Isaka
Oscar Isaka’s session focused on balancing innovation with security by enabling decentralized risk decision-making:
- Innovation but with security: Many employees are likely to circumvent security in the name of business goals. A decentralized ethos enables teams to make their own risk-based decisions.
- The reports urge entities to train their workers and make cybersecurity part of everyday business operations to increase cyber judgment.
Johnson & Johnson Case Study:
- Implementing a Citizen Development Portal helped manage cyber risk while promoting innovation.
- Using standardized support offerings and automated security tooling, the bank could save at least 30,000 hours of employee time without adding a single person to the security workforce.
Action Items:
- Develop clear and centralized cybersecurity guidance.
- Deploy a distributed risk decision-making model.
- Integrate security staff into specialized business functions.
3. Will Generative AI Save or Ruin Cybersecurity? by Jeremy D’Hoinne
Jeremy D’Hoinne’s talk explored the dual-edged nature of generative AI in cybersecurity:
- Threats and Challenges: AI is a new social engineering tool that can create deepfakes and can be used to automate the spread of malware, creating new challenges for threat detection and response.
- AI for Security Operations: GenAI can be leveraged for alert enrichment, threat intelligence, and risk overviews, subsequently improving operational efficiency.
Mitigation Strategies:
- Implement stronger business workflows to counter social engineering.
- Reevaluate biometric controls and update IT processes to enhance security.
Action Items:
- Focus on immediate threats like deepfakes and social engineering.
- Experiment with AI assistants to augment cybersecurity staff.
- Plan for potential AI evolutions and their impact on cybersecurity practices.
4. Emerging Technologies in Security and Risk Management by Neil MacDonald
Neil MacDonald discussed the top technologies and trends reshaping security and risk management:
- Consolidating Multiple Cybersecurity Platforms: Creating one platform from multiple cybersecurity products to reduce risk and increase efficacy.
- Identity as Critical Infrastructure: Recognizing your identity systems as critical infrastructure and prioritizing their protection when they become prime attack targets.
- Continuous Threat Exposure Management (CTEM): An active approach to exposure assessment of pervasive threats to all domains.
5. Third-Party Cyber Risk Management by Christopher Mixter and Dennis Xu
This session highlighted the importance of robust third-party cyber risk management practices:
- Incident Response Planning: Creating formal contingency plans and conducting third-party incident response planning can significantly improve the effectiveness of third-party cyber risk management.
- Business Continuity: Integrating business continuity management into third-party risk management strategies to enhance resilience.
6. Addressing the Cybersecurity Skills Gap by Oscar Isaka
Oscar Isaka also touched upon the ongoing challenge of addressing the cybersecurity skills gap:
- Generative AI as a Solution: Leveraging AI to augment the capabilities of cybersecurity professionals and mitigate the impact of the skills shortage.
- Resilience-Driven Cybersecurity: Implementing efficient, resource-driven cybersecurity strategies to manage third-party risks and enhance overall resilience.
7. Augmented Cybersecurity: How to Thrive Amid Complexity by Christopher Mixter and Dennis Xu
This keynote focused on building a resilient cybersecurity strategy in the face of complex and evolving threats:
- Minimum Effective Toolset: Streamlining cybersecurity tools to the minimum required for effective threat detection and response.
- Fault-Tolerant Organizations: Developing strategies to build fault-tolerant organizations that can quickly recover from cyber incidents.
The Gartner Security and Risk Management Summit provided valuable insights into the evolving landscape of cybersecurity. By leveraging AI, adopting decentralized risk management models, and preparing for the challenges posed by generative AI, organizations can enhance their cybersecurity posture and foster a more resilient security environment. As we move forward, continuous experimentation and adaptation will be crucial in navigating the complexities of modern cyber threats.
Recommended Gartner Research
- How to Evaluate Your Threat Intelligence Program’s Effectiveness by Jonathan Nunez and Mitchell Schneider
- Market Guide for Security Threat Intelligence Products and Services by Jonathan Nunez, Ruggero Contu, and Mitchell Schneider
- Emerging Tech: Top Use Cases for AI in Threat Detection, Investigation, and Response by Travis Lee, Matt Milone, Elizabeth Kim, and John Collins
- Predicts 2024: AI & Cybersecurity — Turning Disruption Into an Opportunity by Jeremy D’Hoinne, Avivah Litan, and others