Gartner Newsroom

Conference Updates

September 17, 2020

Gartner Security & Risk Management Summit, Day 4 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit taking place this week virtually in EMEA and the Americas. Below is a collection of the key announcements, and insights coming out of the conference. You can also read the highlights here from Day 1, Day 2 and Day 3.

On Day 4 from the conference, we are highlighting crisis culture hacking and how to keep employees sane over the long haul, followed by an examination of the state of artificial intelligence in security and risk management, and then we’ll identify the top trends in security and risk management. Be sure to check this page throughout the day for updates.

Key Announcements

Press releases and stories covering news from the Gartner Security & Risk Management Summit conference are listed below:

Keynote: Crisis Culture Hacking: How to Keep Your Employees Sane Over the Long Haul

Presented by Mary Mesaglio, Distinguished VP Analyst, Gartner

You feel that your team is demotivated and at the same time you are being asked to rally your team to help carry the enterprise through the pandemic crisis. In this keynote session, Mary Mesaglio, Distinguished VP Analyst at Gartner, explored how crisis culture hacking can help security and risk  leaders keep employees positive and motivated.

Key Takeaways

  • “Culture hacking is about finding vulnerable points in your culture and turning them into real change that sticks. It has five attributes.”

  • Attribute #1: Actionable. “Know what you want to change into.”

  • Attribute #2: Low Effort. “It should be low effort and designed under 48 hours.”

  • Attribute #3: Immediate. “The hack shouldn’t take months to manifest. The hack should change something immediately, manifesting in the day to day.”

  • Attribute #4: Visible. “It should be visible to the whole intended audience. You do a hack once and lots of people see it, feel it and react.”

  • Attribute #5: Emotional. “The hack should trigger a visceral reaction to the change you’ve made. People change for emotional reasons, not for analytical ones.”


It’s not too late to join the conference!

The State of Artificial Intelligence in Security and Risk Management

Presented by Jeremy D’Hoinne, VP Analyst, Gartner 

When considering the use of artificial intelligence (AI) and machine learning (ML), CISOs need to assess the potential benefits and risks of ML techniques. Jeremy D’Hoinne, VP Analyst at Gartner, explored five initiatives where AI and ML are used and outlined maturity techniques and lessons learned.

Key Takeaways

  • “The five areas where technology can be improved by the use of ML are: 1) infrastructure protection; 2) identity and access management; 3) risk management; 4) application and data security, and 5) security operations.”
  • “In the infrastructure protection and the threat detection category, most of AI and ML’s value will come from supervised learning. To be successful CISOs need to 1) reset the expectations; 2) identify the scope; 3) identify the benefits; 4) compare the costs and combine different techniques and see if threat detection improves.”
  • “In the risk management category, before you select tools, you need to evaluate how you are going to use them. You need to improve your organizational skills on using ML before it is necessary, not when you have the tools ready to purchase to fill out a gap.”
  • “In security operations, there are three areas where automation and ML can help: 1) asset discovery; 2) policy automation; 3) orchestration. The first one is asset discovery and a mandatory step if you want to be able to create any policy and analyze events. 
  • “In 2020 CISOs need to optimize AI costs in four ways: 1) use AI as a complementary technique; 2) do a competitive proof of concept and have outcome-driven metrics; 3) favor short-term subscriptions; 4) don’t buy AI if you do not need it. Set AI technology as staff augmentation, not replacement.”

Top Trends in Security & Risk Management

Presented by Peter Firstbrook, VP Analyst, Gartner 

There are a number of ongoing strategic shifts in the security ecosystem that aren't yet widely recognized, but are expected to have broad industry impact and significant potential for disruption. In this session, Peter Firstbrook, VP Analyst at Gartner, discussed the top trends in security and risk management for 2020. 

Key Takeaways

  • Privacy regulations, the shortage of technical security staff, increasingly complex applications and the unrelenting evolution of threats continue to be significant ongoing security challenges. However, “the elephant in the room this year has been COVID. Organizations are really struggling with 100% remote access. COVID is accelerating a lot of trends we’ve seen in the last 10 years.”
  • Extended Detection and Response (XDR): “XDR unites all of your security tools into a common data format and data location and then starts to make correlations between related events so that we can do better at detecting events that were under the radar.”
  • Security Process Automation: “We’re starting to see a lot more vendors in process automation to address the skills gap and to make it easier to get repetitive tasks done.”
  • Securing Artificial Intelligence: “A lot of organizations have invested in machine learning and artificial intelligence, but very few of them have really looked at how that might be gamed by a malicious or a motivated attacker.”
  • The Impact of Cyber on the Physical World: “As more and more things become digitalized and we start to rely on the Internet of Things, security is starting to become more about safety than about information security.”
  • Trust and Safety Teams: “The digital perimeter is all of those points where your customer interacts with your environment—your call center, your website, your social media presence and even your physical environment. Do customers feel safe there?”
  • Other top security and risk trends for 2020 include privacy, Secure Access Service Edge (SASE) and cloud workload protection.

Learn more about these top trends in "Gartner Top 9 Security and Risk Trends for 2020."

That's a wrap from the Gartner Security & Risk Management Summit. You can visit the Gartner Newsroom to find additional news and insights.

Contacts

It's not too late to join the conference

Latest Releases

About Gartner

Gartner, Inc. (NYSE: IT) is the world’s leading research and advisory company and a member of the S&P 500. We equip business leaders with indispensable insights, advice and tools to achieve their mission-critical priorities today and build the successful organizations of tomorrow.

Our unmatched combination of expert-led, practitioner-sourced and data-driven research steers clients toward the right decisions on the issues that matter most. We are a trusted advisor and an objective resource for more than 14,000 enterprises in more than 100 countries — across all major functions, in every industry and enterprise size.

To learn more about how we help decision makers fuel the future of business, visit gartner.com.