London, U.K., September 24, 2024
It’s not too late to join the conference
Overview
We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.
On Day 2 of the conference, we are discussing the future of online identity verification and how augmented cybersecurity leadership enables security leaders to make fast, sophisticated, data-driven decisions, and exploring how to build an effective insider risk program. Be sure to check this page throughout the day for updates.
Key Announcements
Presented by Akif Khan, VP Analyst, Gartner
Obtaining confidence in a customer’s or employee's identity is the foundation of identity-first security — from user onboarding to securing credential recovery. In this session, Akif Khan, VP Analyst at Gartner, explained the challenges of identity verification (IDV) and what its evolution will look like in the future.
“Account recovery is increasingly being exploited by attackers as the easiest way to carry out account takeover - identity verification (IDV) can help mitigate this risk.”
“However, there are several challenges with the way organizations perform IDV and affirmation in the market today.”
It is inefficient and costly for every relying party to implement and perform its own identity verification.
Users get a poor UX when they have to go through identity verification with every relying party.
IDV lacks consent mechanisms and gives users little control over privacy.
“Strategically, the market is starting to move in the direction of portable digital identity.”
“Standalone identity verification and emerging portable digital identity schemes will co-exist forever to varying degrees.”
Learn more in the Gartner press release “Gartner Predicts At Least 500 Million Smartphone Users Will Be Using a Digital Identity Wallet by 2026.”
Presented by William Candrick, Sr Director Analyst, Gartner
As executives and boards continue to engage as sponsors of the cybersecurity program, CISOs must transform from tactical leaders to business executives and storytellers. In this session, William Candrick, Sr Director Analyst at Gartner, outlined how augmented cybersecurity leaders leverage technologies such as AI to make fast, sophisticated, data-driven decisions that direct their teams' activities in partnership networks, not through legacy chains of command.
“To be a successful cybersecurity leader in an augmented world, CISOs need to manage three key challenges - goal conflict, stress & fatigue, and non-linear challenges - when trust is at an all-time low.”
“Although augmentation is designed to empower teams, there could be potential disconnect between benefits to team and leadership goals. Understand if augmentation is right for your organization.”
“Consider the ethical implications of AI adoption for augmentation. It could be more invasive, and have more serious consequences for employees than other forms of business analytics.”
“Balance the load and address stress and fatigue by augmenting the abundance problem. We are so far off in this direction that it’s important to embrace this change and find ways to help our teams perform better through augmentation.”
“Before kicking off any augmentation efforts, assess the major pain points the security team indicates as early wins and create a business case that outlines possibilities and limitations.”
Presented by Paul Furtado, VP Analyst, Gartner
One of the biggest risks to an organization’s security comes from those who access their systems daily. In this session, Paul Furtado, VP Analyst at Gartner, explained how organizations can build an effective insider risk program.
“Insider risk is the potential for an individual who has or had authorized access to either maliciously, or unintentionally, act in a way that could negatively affect the organization.”
“Not every insider risk becomes an insider threat; however, every insider threat started as an insider risk.”
“Insider risk management is a methodology, not a product.”
The causes of insider threats include:
Careless user: 63%
Malicious user: 23%
Credential compromise: 14%
“Reduce the potential for user errors by addressing behaviors immediately through automated means (user alerts, policy attestation, immediate awareness training, etc.).”
Gartner (NYSE: IT) delivers actionable, objective business and technology insights that drive smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.