Gartner Newsroom

Key Takeaways

• “Culture hacking is about finding vulnerable points in your culture and turning them into real change that sticks. It has five attributes.”

• Attribute #1: Actionable. “Know what you want to change into.”

• Attribute #2: Low Effort. “It should be low effort and designed under 48 hours.”

• Attribute #3: Immediate. “The hack shouldn’t take months to manifest. The hack should change something immediately, manifesting in the day to day.”

• Attribute #4: Visible. “It should be visible to the whole intended audience. You do a hack once and lots of people see it, feel it and react.”

• Attribute #5: Emotional. “The hack should trigger a visceral reaction to the change you’ve made. People change for emotional reasons, not for analytical ones.”

Key Takeaways

• “The five areas where technology can be improved by the use of ML are: 1) infrastructure protection; 2) identity and access management; 3) risk management; 4) application and data security, and 5) security operations.”
• “In the infrastructure protection and the threat detection category, most of AI and ML’s value will come from supervised learning. To be successful CISOs need to 1) reset the expectations; 2) identify the scope; 3) identify the benefits; 4) compare the costs and combine different techniques and see if threat detection improves.”
• “In the risk management category, before you select tools, you need to evaluate how you are going to use them. You need to improve your organizational skills on using ML before it is necessary, not when you have the tools ready to purchase to fill out a gap.”
• “In security operations, there are three areas where automation and ML can help: 1) asset discovery; 2) policy automation; 3) orchestration. The first one is asset discovery and a mandatory step if you want to be able to create any policy and analyze events. 
• “In 2020 CISOs need to optimize AI costs in four ways: 1) use AI as a complementary technique; 2) do a competitive proof of concept and have outcome-driven metrics; 3) favor short-term subscriptions; 4) don’t buy AI if you do not need it. Set AI technology as staff augmentation, not replacement.”

Key Takeaways

• Privacy regulations, the shortage of technical security staff, increasingly complex applications and the unrelenting evolution of threats continue to be significant ongoing security challenges. However, “the elephant in the room this year has been COVID. Organizations are really struggling with 100% remote access. COVID is accelerating a lot of trends we’ve seen in the last 10 years.”
• Extended Detection and Response (XDR): “XDR unites all of your security tools into a common data format and data location and then starts to make correlations between related events so that we can do better at detecting events that were under the radar.”
• Security Process Automation: “We’re starting to see a lot more vendors in process automation to address the skills gap and to make it easier to get repetitive tasks done.”
• Securing Artificial Intelligence: “A lot of organizations have invested in machine learning and artificial intelligence, but very few of them have really looked at how that might be gamed by a malicious or a motivated attacker.”
• The Impact of Cyber on the Physical World: “As more and more things become digitalized and we start to rely on the Internet of Things, security is starting to become more about safety than about information security.”
• Trust and Safety Teams: “The digital perimeter is all of those points where your customer interacts with your environment—your call center, your website, your social media presence and even your physical environment. Do customers feel safe there?”
• Other top security and risk trends for 2020 include privacy, Secure Access Service Edge (SASE) and cloud workload protection.

Learn more about these top trends in "Gartner Top 9 Security and Risk Trends for 2020."