London, September 13, 2022

Gartner Security & Risk Management Summit 2022 London: Day 2 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in London. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here.

On Day 2 from the conference, we are sharing key recommendations to combat threats, explaining how to manage ESG performance and carbon risks from IT vendors, and what will have the biggest impact on security operations. Be sure to check this page throughout the day for updates.

Key Announcements

Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022

How to Better Prepare and Respond to the Evolving Threat Landscape

Presented by Jeremy D’Hoinne, VP Analyst, Gartner

The threat landscape is continually evolving as attackers adapt their tactics and strategies to how businesses change. In this session, Jeremy D’Hoinne, VP Analyst at Gartner, shared key recommendations for security and risk management leaders to combat top threats, high-momentum threats and emerging threats.

Key Takeaways

“There are three different categories of threats that security & risk managers should pay attention to: known and frequent threats; high-momentum threats and emerging, niche and unpredictable threats.”
Top threats: Threats that organizations are highly aware of and that remain relevant year after year as a result of underlying changes.
High-momentum threats: Threats that are growing, but for which awareness is not yet on par with that associated with top threats.
Emerging threats: Threats that are rarer and less visible, but significant enough for security and risk management leaders to pay attention to.

“When dealing with ever-known top threats, monitor for microtrends creating increasing gaps in your defense. Ensure executive sponsorship for continued investment in security control improvements by communicating effectively about microtrends for well-known threats.”
“For emerging and high-momentum threats, set up processes inside their security operations organization to evaluate their impact. Start with API, supply chain and cyber-physical systems (CPS) threats by focusing on exposure management, posture validation, good security hygiene and risk awareness.”
“For emerging and future threats, focus on cyberresilience and align security with organizational leaders to anticipate expansion of the attack surface as a result of business transformation.”

It’s not too late to join the conference!

Managing Your ESG and Carbon Risks From Your IT Vendors

Presented by Joanne Spencer, Sr Director Analyst, Gartner

It is critical to have effective and focused engagement and collaboration with key vendors in order to manage ESG performance. In this session Joanne Spencer, Sr Director Analyst at Gartner, shared who to engage with, how and what to reasonably expect in order for enterprises to manage their ESG and carbon risks from IT vendors.

Key Takeaways

“For most enterprises their biggest ESG risks and opportunities for improvement sit in their supply chain.”
“Know your enterprise objectives, targets and timelines.”
“Identifying the most material issues is critical to forming a sustainability strategy.”
Most enterprises have hundreds, if not thousands, of suppliers they work with. In order to manage ESG and carbon risks, it is crucial for enterprises to know not all suppliers are created equal and a differentiated approach is needed.
“Collaborate with them [suppliers] to learn what they are doing, how they are addressing common challenges – use them as a sounding board.”
“Conduct due diligence and use technology.”

Outlook for Security Operations 2022

Presented by Pete Shoard, VP Analyst, Gartner

Security operations are undergoing a transformative change on how and when security is planned and delivered. In this session, Pete Shoard, VP Analyst at Gartner, explained which technologies, processes and services will have the biggest impact on how security operations are delivered in 2022.

Key Takeaways

Organizations should focus on three areas to drive their security operations strategy in 2022: 1) how to get value from threat intel and threat hunting, 2) focus visibility efforts to maximize exposure reduction, and 3) determine if automation and AI make sense for your security operations.
“Measuring threat intel sounds daunting, and it can be. But you can apply metrics to feeds to see how many actionable indicators they provide, and also measure the efficacy of intelligence applied to events and incidents that were true positive vs false positive.”
“Utilize threat intelligence to support hunting, either as the starting point or to fill in missing pieces. Formalize hunting as a core process of your SecOps program and set aside time on calendars to actually do it.”
“There are three pillars of exposure management - attack surface, vulnerability, and validation.”
Exposure management combines multiple approaches to optimize scope, automation and accuracy of the diagnostics.
“Before buying into automation or AI solutions, you must have a process defined and something to measure to see value in your investments.”

View coverage from Day 1

View coverage from Day 3

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.