National Harbor, Md., June 7, 2022

Gartner Security & Risk Management Summit 2022 National Harbor: Day 1 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the opening keynote presentation on the evolution of cybersecurity, as well as sessions on cloud security and the artificial intelligence attack surface. Be sure to check this page throughout the day for updates.

Key Announcements

Gartner Highlights Three Ways Security Leaders Can Prepare for the Evolution of Cybersecurity Strategy, Roles and Technology

Gartner Opening Keynote: Cybersecurity 2032: Accelerating the Evolution of Cybersecurity

Presented by Andrew Walls, Distinguished VP Analyst at Gartner and Katell Thielemann, VP Analyst at Gartner

As accountability for cyber risk shifts outside IT and an increasingly distributed ecosystem leads to a loss of direct decision-making control, the role of the cybersecurity leader will evolve. In this session, Andrew Walls, Distinguished VP Analyst at Gartner and Katell Thielemann, VP Analyst at Gartner identified the threats, vulnerabilities and risks that organizations will face through this evolution.

Key Takeaways

“Cybersecurity leaders and teams will need to evolve faster than ever before.”
“To become a sustainable leader with sustainable teams, you will need to surround yourself with the people who complement (your) weaknesses.”
“Far too often a failure to communicate leads to significant system disruption and, in some cases, catastrophic career disruption for the CISO.”
“A strategy of bringing business into cybersecurity decisions produces better resilience, and more willing collaboration between business users and the office of the CISO.”
“The realization that successful attacks are inevitable helps business leaders understand that improvement is not just about technical security, but the business itself has to be part of the security strategy.”
Gartner predicts that by 2035, 90% of detection and 60% of response to cyberattacks will be handled by AI. “The volume and speed of attacks will grow by multiple orders of magnitude. AIs will classify those attacks and only raise an alert when a predefined threshold is reached, allowing the cybersecurity team to focus on the attacks that matter.”
“We have to shift to a predictive model, not simply as a matter of best practice but as a matter of career resilience and preserving our mental and physical wellbeing.”

Learn more from the Gartner Opening Keynote in the associated Gartner press release.

Outlook for Cloud Security

Presented by Charlie Winckless, Senior Director Analyst, Gartner

Cloud security remains a top priority, but there are many unique risks associated with public cloud service providers. In this session, Charlie Winckless, Senior Director Analyst at Gartner, summarized the problems, recommended processes and new product types to address the key security challenges of infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS).

Key Takeaways

“Many organizations started leveraging traditional security products in the cloud in the early cloud adoption phase. This approach can work in the short term, but as application and DevOps teams adopt cloud-native services, traditional security products are not able to address these use cases.”
“Cloud-native security needs to address runtime protection, cloud configuration, artifact scanning and DevSecOps enablement.”
“Born in the cloud enterprises and their security investments can be a guide to the future state of security.”
“Align security with the underlying architecture and business criticality. One size does not fit all.”
“Cloud security capabilities are likely newer and more versatile, so apply these to your on-premises systems where suitable.”
“Looking ahead on the horizon of cloud security, new technologies and trends that may emerge include cloud providers becoming security providers, security or policy as code, data and cloud sovereignty, confidential computing and more.”

What Security Needs to Know and Do About the New AI Attack Surface

Presented by Avivah Litan, Distinguished VP Analyst, Gartner

Detecting and stopping attacks and compromises against artificial intelligence (AI) requires new techniques. In this session, Avivah Litan, Distinguished VP Analyst at Gartner, highlighted the new tools and organizational structures needed to mitigate the harm of AI attacks and compromises.

Key Takeaways

“In a 2021 survey, Gartner found that AI teams are more concerned about AI risk overall compared to CISOs. It's not every day that someone is more concerned about information risk than the security team.”
“Another Gartner survey found that compromises against enterprise AI are common, with 41% of organizations reporting that they’ve experienced an AI privacy breach or security incident.”
“The AI attack surface is comprised of attacks that use AI, such as deepfakes, and attacks against AI, such as social engineering using AI-generated voice.”
“The top reasons why AI teams do not follow security guidelines are that it is too resource-intensive or that it takes too long to implement. It's clear that security teams must make guidance less burdensome for developers and data scientists.”
“Two-thirds of organizations are using a task force to manage AI privacy, security and risk, and those organizations are seeing better AI project results.”
“Organizations that spend time and resources now on supporting AI trust, transparency, and security will see improved AI outcomes in terms of adoption, achieved business goals and both internal and external user acceptance.”

It’s not too late to join the conference!

View coverage from Day 2

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.