Creative Edge Consultants

Gartner Security & Risk Management Summit 2023, APAC: Day 1 Highlights

Sydney, March 28, 2023

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Sydney, Australia. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 from the conference, we are highlighting the opening keynote presentation on the top predictions for cybersecurity, as well as sessions on the outlook for network security in 2023, and how to assess, address and monitor third-party cybersecurity threats while you are sleeping.

Key Announcements

Opening Keynote: The Top Cybersecurity Predictions for 2023-2024

Presented by Richard Addiscott, Senior Director Analyst and and Lisa Neubauer, Director, Advisory, Gartner

As we look out over the next decade, what scenarios should security and risk management leaders consider in their organization’s cybersecurity strategy? In the opening keynote, Richard Addiscott, Senior Director Analyst and Lisa Neubauer, Director, Advisory at Gartner shared the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.

Key Takeaways

  • By 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organizations will have successfully weaponized privacy as a competitive advantage: “Enforce a comprehensive privacy standard for handling personal information to differentiate in an increasingly competitive market and grow unhindered.”
  • Through 2027, 50% of CISOs will formally adopt human-centric design practices into their cybersecurity programs to minimize operational friction and maximize control adoption: “Start by identifying security initiatives for potential proof of concept projects where these practices can be introduced.”
  • By 2025, 50% of cybersecurity leaders will have tried, unsuccessfully, to use cyber risk quantification to drive enterprise decision-making: “Focus your firepower on quantification that decision makers ask for instead of producing self-directed analyses you then have to persuade the business to care about.”
  • By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors: “While eliminating stress is unrealistic, people can manage incredibly challenging and stressful jobs in cultures where they are supported. Changing the rules of engagement to foster cultural shifts will help.”
  • By 2026, 10% of large enterprises will have a comprehensive, mature and measurable zero-trust program in place, up from less than 1% today: “Starting small, an ever evolving zero-trust mindset makes it easier to better grasp the benefits of a program and manage some of the complexity one step at a time. Done is better than perfect.”

Learn more from the Gartner Opening Keynote in the associated Gartner press release: Gartner Unveils the Top Eight Cybersecurity Predictions for 2023-2024


Outlook for Network Security

Presented by Craig Lawson, VP Analyst, Gartner

Users, devices, applications and data are everywhere and so are networks. As organizations rapidly expand their footprint and support a hybrid workforce, how does network security evolve to keep up? In this session, Craig Lawson, VP Analyst at Gartner, explained the current trends in network security and how security and risk management leaders can make business-aligned, risk-focused decisions on where best to use network security today

Key Takeaways

  • “Business outcomes are the primary driver for choosing your network security architecture and should address the threats that result from business changes. Buzzwords are only useful if they solve these two things. A zero trust security posture and SASE might be the right choice for your organization, but might not be for others.”
  • “As your organization evolves, so must network security to secure users, devices, resources and networks in a hybrid world.”
  • “Stop thinking about network security in a box. Instead focus on business outcomes such as supporting hybrid work or digital transformation, as the reasons why you need network security. Network security is a key layer of defense.”
  • “Build new security perimeters with security service edge (SSE). Combine SSE with SD-WAN as part of a strategic SASE architecture.”
  • “Tackle a network segmentation project as one pillar of good network security design. Starting with a segmentation objective will put you on the wrong start because you’ll miss part of the available solutions.”
  • “Better security does not equate to “more zones.” Improved network security is more likely to correlate with better automation.”


How to Assess, Address and Monitor Third-Party Cybersecurity Threats While You Are Sleeping

Presented by Luke Ellery, VP Analyst, Gartner

CISOs lose enough sleep over their internal cybersecurity defences, let alone the third parties beyond their control. In this session, Luke Ellery, VP Analyst at Gartner, advised CISOs how to establish effective third party controls for their organization. He also reviewed the tools and solutions to assess, address and monitor third party risk to avoid delirium and reduce risk exposure.

Key Takeaways

  • “Triage third parties that you need to assess based on their engagement with your organization and by cyber-risk threat. Identify the sources of information you need to assess them.”
  • “Focus on cyber controls that will prevent the relevant risks – you can’t treat all third parties the same. Don’t just categorize them as high or low risk, focus on the nature of the relationship.”
  • “Define your non-negotiables, whether that be certifications, encryption, multifactor authentication, etc, and your standard suite of controls, to protect you from the most common cyberthreats. Get your board to endorse this to give you leverage with the business and third parties.”
  • “You can’t just throw tools at this. Establish the right architecture by analyzing existing people, processes and technology to identify opportunities to improve your third party cyber risk program.”
  • “Define the risk domains you are trying to solve, determine the scope of your third party risk management life cycle, and investigate whether you have existing solutions to meet your needs.”
  • “If third party tools are insufficient, identify tools and solutions to address the gaps in your target architecture to effectively assess, address and monitor third-party cyber risk while you sleep.”

Check the Gartner Newsroom tomorrow for highlights from Day 2.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

Recently Viewed
Sorry, there are no products.