Cybersecurity Q&A: The New World of Cyber

How digital transformation and new cyberattacks have changed the way enterprises protect against threats.

Cybersecurity has never been more relevant than in the past year. With crippling ransomware attacks, and now Spectre and Meltdown, security and risk management leaders must agree on how to define and address risks and threats in a new digital environment. The mission of cybersecurity must evolve to accommodate these concerns.

Security and risk management leaders should monitor the following developments to prepare purchasing strategies and technology adoptions:

  • Within the past year, leading global companies have seen sales and revenue impacts as high as $300 million due to malware-based cyberattacks.
  • As more security technologies move to the cloud and to either subscription or pay-as-you-go models, enterprises have more opportunity to evaluate security technology and reduce long, resource-intensive and costly RFP processes.
  • Cybersecurity due diligence in mergers and acquisitions (M&A) cannot be one-size-fits-all; as with any diligence effort, the scope depends on the participants’ industry, the value of assets, the regulatory environment and deal size.

Jeffrey Wheatman, research director at Gartner and conference chair for the U.S. Gartner Security & Risk Management Summit, outlines the current and future needs and threats facing IT as the threat landscape evolves.

Cyberattacks are making the front pages on a regular basis. What does this climate of continuous risk mean for security leaders?

Organizations have tended to focus on stopping data breaches, despite the fact that it’s a losing battle. Leaders need to focus on supporting business resiliency and responding to cyberattacks, including ransomware, denial-of-service outages and other types of attacks. Additionally, it’s important to craft and implement strategic plans that balance prevention, detection, response and recovery.

We know that cyberattacks can be extremely costly, with significant consequences for businesses and security leaders. Insurance companies are insisting on high deductibles when these attacks occur to encourage businesses to make appropriate investments in security. Senior executives — not just CIOs — are losing their jobs over data breaches, and there’s an increasing impact on intangibles, such as brand reputation, that can be difficult to quantify.

As risk exposure increases, how can organizations secure the entire digital supply chain?

New tools are emerging to help enterprises better understand their risk exposure throughout multilayered risk environments. One important step is to implement a strategy called CARTA (continuous adaptive risk and trust assessment). This is a strategic, continuous and proactive approach to help better manage the risks associated with digital business ecosystems. It means identifying issues early, stopping what you should and responding to what cannot be prevented.

Levels of trust and risk associated with digital business entities and their actions are dynamic, and need to be assessed continuously as interactions happen and context changes. CARTA, together with investments in people, process and tools, can help keep up with complex ecosystems and continuous change.

What trends are impacting security and risk management strategies this year?

Data protection is evolving to include emerging technologies such as artificial intelligence and machine learning, blockchain, OT-IT convergence, advanced analytics, and the pervasive presence of mobile, cloud and the Internet of Things. These technologies are bringing new opportunities, as well as new risks and challenges. For example, the highly skilled talent that’s needed to support these new technologies is becoming very scarce. However, companies can do more with some of their existing resources.

Cloud security has evolved in a positive direction. Cloud solutions are now at a point where it’s time to dive in and start investing. Subscription and pay-as-you-go security technologies enable organizations to skip the long and costly RFP process, and give more options for meeting the needs of expanding digital businesses.

Gartner clients can read more in “Cybersecurity Redefined for the Digital Era,” by Jeffrey Wheatman.
