June 14, 2017
Contributor: Kasey Panetta
Gartner's top cybersecurity trends cover the skills shortage, cloud and a shift to detection and response.
In the ever-changing world of cybersecurity, there are a few truths about what leaders want. Cybersecurity leaders seek:
But there are hard realities that govern cybersecurity.
“You can’t protect everything equally...we have to find a way to control only what matters,” said Earl Perkins, research vice president, during the Gartner Security & Risk Management Summit 2017 in National Harbor, MD. In fact, security experts should know four things: you can’t fix everything, you can’t make assets fully secure, you can’t know how secure they all are, and you can’t know how secure your digital partners are.
However, in a world of unknowns, five cybersecurity trends appear for 2017 and 2018.
With a zero percent unemployment rate, security skill sets are scarce. The industry needs and will continue to need new kinds of skills as cybersecurity evolves in areas such as data classes and data governance. It’s a problem that security experts have avoided, but the reality is that in the next three to five years, enterprises will generate more data than they ever have before, said Mr. Perkins.
Changes in cybersecurity will require new types of skills in data science and analytics. The general increase in information will mean artificial security intelligence is necessary. Adaptive skills will be key for the next phase of cybersecurity.
As the cloud environment reaches maturity, it’s becoming a security target and it will start having security problems. It’s possible cloud will fall victim to a tragedy of the commons wherein a shared cloud service becomes unstable and unsecure based on increased demands by companies. When it comes to cloud, security experts will need to decide who they can trust and who they can’t. Companies should develop security guidelines for private and public cloud use and utilize a cloud decision model to apply rigor to cloud risks.
“Take the money you’re spending on prevention and begin to drive it more equitably to detection and response,” said Mr. Perkins. “The truth is that you won’t be able to stop every threat and you need to get over it.”
A dedicated, well-financed actor who is after something in your enterprise is going to get it, even if they use the weakest link--people--to do so. This means adapting your security setup to focus on detection, response, and remediation. That’s where the cybersecurity fight is today. In the future it will most likely move to prediction of what’s coming before anything happens.
There is a new window of opportunity in application security, but most enterprises don’t take advantage of it because of the expense. It’s time to figure out the right way to evaluate the value of security and the best way to explain that to the business.
Additionally, DevOps should become DevSecOps, with a focus on security. This is a good time to marry development and operations. The time to market has shortened so much that it creates an endless connection between development and operations, which means it's important to stop running them as isolated units. This is the time to bring security to DevOps, or if the team is not internal, to ask the service provider what kind of security they provide.
Safety, reliability and privacy are also a part of cybersecurity. When these systems begin to have a direct physical impact, you now become responsible for the safety of people and environments. Without a handle on security, people will die. The reliability portion is essential for operation and production environments or anyone in asset-centric firms.
Recommended resources for Gartner clients*:
Clients can learn more about security and business in the full research report CIOs Should Manage Technology Risk and Cybersecurity Through the Lens of Business Value, by Paul Proctor.
*Note that some documents may not be available to all Gartner clients.