Key Takeaways

• “This is a time of extraordinarily high visibility for security issues and security leadership, and that means this is a unique opportunity to shift your position in the organization.”

• “Security and risk leaders must not only defend the enterprise, but go on the offensive to help the enterprise take advantage of a wide variety of new opportunities to help them respond to an ever-changing world of threats.”

• “The best coaches in the world are viewed as honest brokers: you’re the person that we can go to when we’re not sure what’s going on and get your advice and expertise to help take us to the next level.”

• “Go on the offensive and take control of your leadership brand. Think about three words your CEO would use to describe you today, and then how you would prefer they describe you three months from now.” 

• “Go on the offensive regarding who you work with and what you work on. Focus on partnering with business customers by being clear about their job on the team.”

• “Coach executives through these tough digital uncertainties in this time of volatility, reframe your culture, embrace your role as that cultural leader, and win together by delivering on cost, revenue and risk.”

Learn more in the Gartner press release “Gartner Identifies Three Steps for Security and Risk Leaders to Lead from an Offensive Position.”

Resilience is a top organizational priority, accelerated by the COVID-19 pandemic. In her session, Roberta Witty, VP Analyst at Gartner, covered four components of organizational resilience, including why resilience is a strategic imperative and an all-in enterprise initiative.

Key Takeaways

• “Building resilience is a journey. It starts with disaster recovery, business continuity, IT resilience, operational resilience and organizational resilience.”

• “Look at organizational resilience as a horizontal lens of your enterprise risk management program.”

• “Resilience must be deliberately designed into the culture of the organization, and must have committed leadership and strong program management.”

• There are four components for a strong IT resilience program:

  • A strategy in governance model

  • A program management model

  • A cybersecurity resilience focus

  • Leveraging technologies that can help build reliability, tolerance and recovery

• “Start with a few management disciplines and expand over time so that resilience does not become a boil in the ocean activity, where everyone loses interest and gets overwhelmed, and nothing gets done.”

This year’s Top Trends in Security and Risk Management highlight strategic shifts in the security ecosystem that aren't widely recognized, but are likely to have potential for disruption in the coming years. In his session, Peter Firstbrook, VP Analyst at Gartner, described each trend and how leading organizations can take advantage of them going into 2022. 

Key Takeaways

• Remote work is the new normal, which introduces a number of security challenges. Protecting and maintaining the remote workspace is critical through developing a limited number of remote work profiles and associated policies.

• The “cybersecurity mesh” architecture is emerging to secure distributed digital assets and extended cybersecurity controls wherever needed.

• Security product consolidation is underway as CISOs are starting to seek simplification of their environments. In fact, 80% of IT organizations plan to pursue a vendor consolidation strategy in the next 3 years, with 30% already doing this.  

• Identity-first security is now an imperative for organizations and represents the way all information workers will function, regardless of whether they are remote or office-bound.

• Machine identity management is becoming a critical security capability, too. It’s not only about securing human entities, but also machines such as workloads and devices.

• Breach and attack simulation tools are emerging to provide continuous defensive posture assessments, especially as recent security attacks make global headlines.

• Privacy enhancing computation protects critical data during processing.There  are three types of computation techniques: data transformation, secure computation and hardware-based security.

• Boards are adding cybersecurity experts to better understand risk. Boards told Gartner that the top two sources of risks to the enterprise are regulatory/compliance risk and cybersecurity.