Gartner Security & Risk Management Summit 2024 London: Day 1 Highlights

London, U.K., September 23, 2024

It’s not too late to join the conference

Overview

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 of the conference, we are highlighting the Gartner opening keynote presentation on augmented cybersecurity, a session on addressing third-party risks, and a discussion of the practicalities of getting started with zero trust. Be sure to check this page throughout the day for updates.

Key Announcements

Gartner Opening Keynote: Augmented Cybersecurity: How to Thrive Amid Complexity

Presented by Christopher Mixter, VP Analyst, Gartner and Akif Khan, VP Analyst, Gartner

Chief information security officers (CISOs) who elevate response and recovery to equal status with prevention are generating more value than those who adhere to outdated zero-tolerance-for-failure mindsets. In this session, Christopher Mixter and Akif Khan, VP Analysts at Gartner, discussed activities for CISOs to begin the journey toward augmented cybersecurity, Gartner’s label for a cybersecurity function that has elevated response and recovery to equal status with prevention.

Key Takeaways

  • “To begin the journey toward augmented cybersecurity, CISOs should prioritize three areas of activity: building cyber fault tolerance in the business, streamlining to a minimum effective cyber toolset, and building a resilient cyber workforce.”

  • “CISOs should be creating a formal third-party contingency plan, including things like an exit strategy, alternative suppliers list, and incident response playbooks. This generates as much as a 43% potential improvement in effectiveness.”

  • “Second, they should practice those plans by conducting third-party incident response exercises, which yield a 42% potential improvement.” 

  • “CISOs tabletop everything else. It’s time to bring tabletop exercises to third-party cyber risk management.” 

  • “Zero-tolerance-for-failure mindset drives two behaviors that lock staff into ‘merely surviving’ or ‘burning out’. First is heroism and second is hiding failures, which is lethal to innovation and a leading cause of burnout.”

  • “If CISOs want to improve resilience, they should actively seek employee feedback on bottlenecks and reduce process friction, and make processes adaptable.”

When, Not If: Building Resilience Against Third-Party Cybersecurity Incidents

Presented by Rahul Balakrishnan, Director, Gartner

Organizations are working with more third parties than ever before and relying more on them to meet critical strategic and profit objectives. In this session, Rahul Balakrishnan, Director, Research at Gartner, outlined key actions cybersecurity leaders must take to prepare for and minimize business disruptions from third-party cybersecurity incidents.

Key Takeaways

  • “45% of organizations report an increase in third-party-related cyber disruptions. However, organizations aren’t able to reduce disruptions caused by third-party incidents, despite increased investments.”

  • “Organizations aren’t resilient to third-party cybersecurity incidents, which reinforces the need to focus on resilience.”

  • “The path to building resilience against third-party incidents is focusing on the things that you can control.”

    • Understand how third parties interface with critical assets, not just their security posture.

    • Make ‘plan B’ as strong as ‘plan A’.

    • Practice third-party incident response.

    • Shift engagement strategy from “policing” to proactive collaboration with critical third parties.

  • “As well as enhancing your resilience against third-party incidents, focus on making your pre-contract due diligence more efficient and redirecting those resources to other resilience-focused activities.”

Practical Zero Trust — The Art of the Possible

Presented by John Watts, VP Analyst, Gartner

Zero trust security architectures replace the implicit and static trust models of legacy security architectures with dynamic and explicit trust models. In this session, John Watts, VP Analyst at Gartner, addressed the practicalities of getting started with zero trust.

Key Takeaways

  • “Zero trust is a paradigm. Don’t put too much into zero trust. Scope to something doable.”

  • To build a foundation for zero trust:

    • Shift how your organization thinks.

    • Start with who, not where.

    • Catalogue key assets.

    • Plan to leverage existing tech investments.

  • “Identity and context are the foundations of zero trust, and they must be solid.”

  • “Build a dynamic context aware authentication model — and authenticate then connect regardless of resource location.”

  • “‘Assume a hostile actor is present’ means you must control more than user traffic.”


About Gartner

Gartner (NYSE: IT) delivers actionable, objective business and technology insights that drive smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.