We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week virtually in the Americas. Below is a collection of the key announcements and insights coming out of the conference.
On Day 1 from the conference, we are highlighting the Opening Keynote, tips for security leaders to prevent and respond to phishing attacks and the Gartner top trends in security and risk management.
Presented by Tina Nunno, Distinguished VP Analyst, Gartner
As a security leader, it’s essential to take an offensive approach rather than a defensive one, setting the terms of engagement rather than having them set by others. In her Opening Keynote session, Tina Nunno, Distinguished VP Analyst at Gartner, explored how security leaders can ensure they lead from an offensive position to deliver the best results for themselves and for their enterprises.
“This is a time of extraordinarily high visibility for security issues and security leadership, and that means this is a unique opportunity to shift your position in the organization.”
“Security and risk leaders must not only defend the enterprise, but go on the offensive to help the enterprise take advantage of a wide variety of new opportunities to help them respond to an ever-changing world of threats.”
“The best coaches in the world are viewed as honest brokers: you’re the person that we can go to when we’re not sure what’s going on and get your advice and expertise to help take us to the next level.”
“Go on the offensive and take control of your leadership brand. Think about three words your CEO would use to describe you today, and then how you would prefer they describe you three months from now.”
“Go on the offensive regarding who you work with and what you work on. Focus on partnering with business customers by being clear about their job on the team.”
“Coach executives through these tough digital uncertainties in this time of volatility, reframe your culture, embrace your role as that cultural leader, and win together by delivering on cost, revenue and risk.”
Learn more in the Gartner press release “Gartner Identifies Three Steps for Security and Risk Leaders to Lead from an Offensive Position.”
Presented by Mario de Boer, VP Analyst, Gartner
Phishing is a technique that has been long used by cybercriminals, but the sophistication of phishing attacks have reached levels that cannot be dealt with by a single product. In this session, Mario de Boer, VP Analyst at Gartner, explored examples of advanced phishing attacks and highlighted the five most critical components of any email security architecture.
Component 1: Basic secure email gateway (SEG): “Your first layer of defense is a SEG, which provides protection against widespread phishing attacks if they are configured correctly and the fact that attackers reuse their phishing kits.”
Component 2: Recipient-centric phishing detection and response: “Security awareness and phishing simulation training are done with the hopes that if a user receives an email, they will analyze that email and respond correctly.”
Component 3: Advanced SEG and supplements: “These solutions typically use machine learning to model normal behavior and flag anomalous behavior.”
Component 4: SOC-centric phishing detection and response: “Many organizations have highly skilled people sitting in a security operations center (SOC) that spend a significant portion of their time looking at phishing messages.”
Presented by Peter Firstbrook, VP Analyst, Gartner
This year’s Top Trends in Security and Risk Management highlight strategic shifts in the security ecosystem that aren't widely recognized, but are likely to have potential for disruption in the coming years. In his session, Peter Firstbrook, VP Analyst at Gartner, described each trend and how leading organizations can take advantage of them going into 2022.
Remote work is the new normal, which introduces a number of security challenges. Protecting and maintaining the remote workspace is critical through developing a limited number of remote work profiles and associated policies.
The “cybersecurity mesh” architecture is emerging to secure distributed digital assets and extended cybersecurity controls wherever needed.
Security product consolidation is underway as CISOs are starting to seek simplification of their environments. In fact, 80% of IT organizations plan to pursue a vendor consolidation strategy in the next 3 years, with 30% already doing this.
Identity-first security is now an imperative for organizations and represents the way all information workers will function, regardless of whether they are remote or office-bound.
Machine identity management is becoming a critical security capability, too. It’s not only about securing human entities, but also machines such as workloads and devices.
Breach and attack simulation tools are emerging to provide continuous defensive posture assessments, especially as recent security attacks make global headlines.
Privacy enhancing computation protects critical data during processing.There are three types of computation techniques: data transformation, secure computation and hardware-based security.
Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.
Meghan Rimol
Gartner
Meghan.Rimol@Gartner.com
