Which technology trend do most cyber risk managers believe has made organizations more vulnerable to security compromises?

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. CISOs’ roles need to transition from technologists who prevent breaches to corporate strategists managing cyber risks. Unfortunately, slowing down CISOs’ career growth are security tech stacks that aren’t designed for new digital transformation, virtualization and hybrid cloud initiatives in their companies. Gartner’s recently published The seven trends also help to explain the How Gartner’s trends define a cybersecurity roadmap Responding to threats is what enterprises and their CISOs need the most help with today. As a result, Gartner chose to organize their trends and assign most of them to threat response. That’s a clear indication that their enterprise clients are focused on this area and looking for guidance. Attack Surface Expansion, Identity Threat Detection and Response and Digital Supply Chain Risk are the three trends Gartner sees as most important for threat response. Rethinking Technology is the second strategic trend, including Vendor Consolidation and Cybersecurity Mesh. The third strategic trend is Reframing The Cybersecurity Practice. Gartner adds Distribution Decisions and Beyond Awareness to this group. Taken together, Gartner’s trends create a high-level Translating the seven trends into a strategic roadmap yield the following: Roadmap phase 1: Responding to threats • Attack surface expansion • Identity threat detection and ...

(7 pages) Cybersecurity has always been a never-ending race, but the rate of change is accelerating. Companies are continuing to invest in technology to run their businesses. Now, they are layering more systems into their IT networks to support remote work, enhance the customer experience, and generate value, all of which creates potential new vulnerabilities. This article is a collaborative effort by At the same time, adversaries—no longer limited to individual actors—include highly sophisticated organizations that leverage integrated tools and capabilities with artificial intelligence and machine learning. The scope of the threat is growing, and no organization is immune. Small and midsize enterprises, municipalities, and state and federal governments face such risks along with large companies. Even today’s most sophisticated cybercontrols, no matter how effective, will soon be obsolete. In this environment, leadership must answer key questions: “Are we prepared for accelerated digitization in the next three to five years?” and, more specifically, “Are we looking far enough forward to understand how today’s technology investments will have cybersecurity implications in the future?” (Exhibit 1). Proactively mitigating cybersecurity threats and evaluating over-the-horizon cybersecurity capabilities is not a one-time process. It requires ongoing vigilance and a structured approach to ensure that organizations proactively scan the environment and adjust their cyber stance ac...

Leadership Vision eBook: “How do we make sure our consumers aren’t physically harmed by rogue agents?” That's the kind of question security and risk leaders need to predict and plan for in the future. The proliferation of Download roadmap: “We’re falling into this old habit of trying to treat everything the same as we did in the past,” said Security and risk management has become a board-level issue for organizations. The number and sophistication of security breaches is rising, spurring increased legislation to protect consumers and putting security at the forefront of business decisions. Read more: Gartner analysts predict more decentralization, regulation, and safety implications over the next few years. Build these strategic planning assumptions into your roadmap for the year ahead. 1. By the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population. GDPR was the first major legislation for consumer privacy, but it was quickly followed by others, including Brazil’s General Personal Data Protection Law (LGPD) and the California Consumer Privacy Act (CCPA). The sheer scope of these laws suggests you’ll be managing multiple data protection legislation in various jurisdictions, and customers will want to know what kind of data you’re collecting and how it’s being used. It also means you’ll need to focus on automating your privacy management system. Standardize security operations using GDPR as a base, and then adjust for individu...

License and Republishing World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use. The views expressed in this article are those of the author alone and not the World Economic Forum.

• Share to Facebook • Share to Twitter • Share to Linkedin In recent years we have seen the topic of cyber security move from the IT department to the board room. As attacks have proliferated and the potential penalties, both regulatory and in terms of loss of customer trust, have increased, it has become a priority at every organizational level. We often think of cybersecurity as an ongoing battle between hackers and criminals, and security experts, which is constantly escalating due to constant advances in technology. This is the “glamorous” side of the business that we sometimes see depicted in TV shows and movies. And indeed, threats sometimes come from hostile foreign states or devious, tech-savvy criminal masterminds. In reality, however, threats are just as likely to emerge due to improperly secured networks leaving sensitive data accidentally exposed, or unwary or indiscreet employees using non-secured devices while working from home. Editor IoT devices – ranging from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be a bugbear for those with responsibility for cybersecurity. This is because, as they are often not used to store sensitive data directly, manufacturers haven’t always been focused on keeping them secure with frequent security patches and updates. That has changed recently, as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gate...

“Organizations worldwide are facing sophisticated ransomware, attacks on the digital supply chain and deeply embedded vulnerabilities,” said These challenges lend themselves to three overarching trends impacting Trend 1: Attack Surface Expansion Enterprise attack surfaces are expanding. Risks associated with the use of Digital risk protection services (DRPS), external attack surface management (EASM) technologies and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps. Trend 2: Digital Supply Chain Risk Cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor/partner segmentation and scoring, requests for evidence of security controls and secure best practices, a shift to resilience-based thinking and efforts to get ahead of forthcoming regulations. Trend 3: Identity Threat Detection and Response Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Gartner introduced the term “identity threat detection and response” (ITDR) to describe the collection of tools and best practices to defend identity systems. “Organizations have spent considerable effort improving IAM capabilitie...

Global cyber futuristic financial network security concept. Fast speed internet connection. Block ... [+] chain network getty Most business ventures rely on lessons learned to improve outcomes. They analyze what they did right or wrong to fill gaps and adapt strategies is often a barometer of future success. The cybersecurity industry needs to follow this heuristic model. In 2021 we are already facing a variety of cyber-attacks and look to lessons learned to close cyber vulnerabilities. Three trends to focus on include 1) the expanding cyber-attack surface (remote work, IoT supply chain), 2) Ransomware as a cyber weapon of choice, 3) threats to critical infrastructure via ICS, OT/IT cyber-threat convergence. There are several factors that have led to the Malthusian expansion of the global cyber-attack surface. These influences include digital transformation and the commercial model of more people doing business over the internet. We have moved into the early stages of the Fourth Industrial Revolution that is highlighted by digital interactions and the meshing of machine and human. Our way of life is increasingly online. The digital transformation was rapidly pushed by Covid19 and the need to move individuals working in offices to working remotely from their homes. That led to essentially millions of connected offices. It is estimated that nearly estimatedthat digital transformation was advanced by up to seven years. But at the same time, threat actors and cyber criminals a...

Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. CISOs’ roles need to transition from technologists who prevent breaches to corporate strategists managing cyber risks. Unfortunately, slowing down CISOs’ career growth are security tech stacks that aren’t designed for new digital transformation, virtualization and hybrid cloud initiatives in their companies. Gartner’s recently published The seven trends also help to explain the How Gartner’s trends define a cybersecurity roadmap Responding to threats is what enterprises and their CISOs need the most help with today. As a result, Gartner chose to organize their trends and assign most of them to threat response. That’s a clear indication that their enterprise clients are focused on this area and looking for guidance. Attack Surface Expansion, Identity Threat Detection and Response and Digital Supply Chain Risk are the three trends Gartner sees as most important for threat response. Rethinking Technology is the second strategic trend, including Vendor Consolidation and Cybersecurity Mesh. The third strategic trend is Reframing The Cybersecurity Practice. Gartner adds Distribution Decisions and Beyond Awareness to this group. Taken together, Gartner’s trends create a high-level Translating the seven trends into a strategic roadmap yield the following: Roadmap phase 1: Responding to threats • Attack surface expansion • Identity threat detection and ...

License and Republishing World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use. The views expressed in this article are those of the author alone and not the World Economic Forum.

• Share to Facebook • Share to Twitter • Share to Linkedin In recent years we have seen the topic of cyber security move from the IT department to the board room. As attacks have proliferated and the potential penalties, both regulatory and in terms of loss of customer trust, have increased, it has become a priority at every organizational level. We often think of cybersecurity as an ongoing battle between hackers and criminals, and security experts, which is constantly escalating due to constant advances in technology. This is the “glamorous” side of the business that we sometimes see depicted in TV shows and movies. And indeed, threats sometimes come from hostile foreign states or devious, tech-savvy criminal masterminds. In reality, however, threats are just as likely to emerge due to improperly secured networks leaving sensitive data accidentally exposed, or unwary or indiscreet employees using non-secured devices while working from home. Editor IoT devices – ranging from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be a bugbear for those with responsibility for cybersecurity. This is because, as they are often not used to store sensitive data directly, manufacturers haven’t always been focused on keeping them secure with frequent security patches and updates. That has changed recently, as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gate...