Conference Updates

November 17, 2021

Gartner Security & Risk Management Summit 2021 Americas: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week virtually in the Americas. Below is a collection of the key announcements and insights coming out of the conference. You can also read the highlights from Day 1.

On Day 2 of the conference, we are highlighting how to build a ransomware defense structure, vulnerability management best practices and the top trends in privacy. Be sure to check this page throughout the day for updates.

Key Announcements

Preparing for the Inevitable: Building Your Ransomware Defense Structure

Presented by Jon Amato, Senior Director Analyst, Gartner

Ransomware attacks continue to increase globally, and the cybercriminals responsible for those attacks have become increasingly sophisticated in their methods. In this session, Jon Amato, Senior Director Analyst at Gartner, examined the life cycle of a ransomware attack and discussed the defense techniques organizations can use to protect against this threat.

Key Takeaways

  • “Ransomware is everybody’s problem. There is no organization, big or small, in any particular country or line of business, that can consider themselves to be immune to this threat.”

  • “Ransomware attackers are increasingly not just focusing on data encryption, but now we’re hearing of them using data theft as a lever to get their victims to pay up.”

  • “You can have all the tools in the world, and despite the claims of some security vendors, there is no one tool that can protect against this threat. Ransomware defense is an organized program of activities, monitoring and training.”

  • “Backups are essential, but the threat of data exfiltration is becoming so increasingly common that you need more.”

  • “Ransomware is a business resilience issue, and the way that organizations respond needs to be everyone’s problem.” 

  • “Doing the security fundamentals well, although it doesn’t specifically address ransomware, makes your organization more resistant in general.”

  • “Plan for a secure isolated recovery environment, if for nothing else than to keep from inviting the attacker right back in when you think you have shut them out.”


Vulnerability Management — What Is Working and What Is Not

Presented by Mitchell Schneider, Principal Analyst, Gartner

Vulnerability management is still not a standard practice for many organizations, but it should be a foundational practice of good security hygiene. In this session, Mitchell Schneider, Principal Analyst at Gartner, shared what has and has not worked across people, processes and technologies for organizations implementing a vulnerability management program.

Key Takeaways

  • “If you can move to a situation where your attack surface is so high that only a sophisticated zero-day or an intelligence agency in another country is able to get in, you’ve broken 90% of the threat actors on the internet.”

  • “The goal of vulnerability management is not to patch the most vulnerabilities, but rather to identify and address the threats that are most likely to be exploited against that particular organization.”

  • “Attackers primarily focus on a small number of vulnerabilities that can be reliably exploited at the lowest cost to achieve their outcomes.”

  • “Participation in vulnerability management is hybrid. It does not need a dedicated team residing directly in a security operations center, but rather a combination of stakeholders from various business units who would be able to make decisions at every stage of the vulnerability management process.”

  • “There is no way to manage exposure without proper visibility.”

  • “You cannot boil the ocean. Determine the high-value assets and where critical data is located and focus efforts there.”

Top Trends in Privacy

Presented by Nader Henein, VP Analyst, Gartner

What are leading organizations focused on in regard to data privacy? In his session, Nader Henein, VP Analyst at Gartner, outlined the top five trends in privacy and privacy technology to help enterprises determine clear next steps as maturing global privacy legislation takes center stage. 

Key Takeaways

  • “Privacy is - above all things - personal and goes beyond simple compliance.”

  • “This year’s top trends in privacy comprise the critical levers you need to engage over the coming 24 months to manage liability and promote trust when handling personal information.”

  • Data localization. This is driven by state security, intelligence gathering, protectionism and globalization. Data localization planning will shift to a top priority in the design and acquisition of cloud services.  

  • AI governance. This means understanding the impact and risks of processing large amounts of data through AI-driven decision engines, which will make up the vast majority of decisions that organizations make.

  • Centralized privacy UX. This is a one-stop shop where organizations provide users with transparency on what data is held and how it is used, allowing them to exercise their privacy rights and maintain control over their information.

  • Hybrid everything. This has implications for everything we do, including raising privacy risks across the enterprise at the personal, organizational and consumer levels.

  • Privacy enhancing computation. Such techniques protect personal and sensitive information at a data, software or hardware level, and allow data to be securely shared, pooled and analyzed without compromising confidentiality or privacy.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight to executives and their teams. Our expert guidance and tools enable faster, smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit

