Security teams are beginning to shift away from a staunch prevention focus toward threat detection and response, as hackers and cyber threats continue to increase in sophistication, according to Gartner.
Gartner identified seven risk management and security trends for the coming year to determine how security leaders should prepare to face these external factors and security threats. Its research found that 50 percent of all security operations centers will modernize by 2022, up from less than 10 percent in 2015.
The modern approach will include incident response, threat intelligence, and threat-hunting capabilities. And the need, Peter Firstbrook, Gartner Research Vice President, explained, can’t be overstated.
The primary finding is that risk statements are now being tied to business outcomes, with IT strategies becoming more closely aligned with business goals. The result, Gartner found, is that it’s important for these leaders to present security matters at the board level.
“To avoid exclusively focusing on issues related to IT-decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” Firstbrook said in a statement. “This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”
To prioritize security investments, security leaders will turn to data security governance frameworks. Gartner found leading organizations are beginning to better assess data security through data insights, while using frameworks to assess products before they’re purchased and implemented to determine product security.
“[Frameworks] provide a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimize risk,” said Firstbrook. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”
Gartner also noted that passwordless authentication is gaining market traction and is increasingly deployed in enterprise applications for both employees and consumers to meet the “ample supply and demand.” As hackers continue to target passwords in their attacks, methods that don’t rely on passwords can increase both security and usability.
Passwordless security methods could especially support the healthcare sector, where user authentication is the most common risk to hospitals and the majority of phishing attacks in the last year were hyper-focused on obtaining user credentials.
Also notable, Gartner predicted that there will be an increase in cloud failures between 2019 and 2023, caused by cloud customers, not vendors. The crux of those failures will be security staff being stretched too thin due to staffing shortages.
In healthcare, where three out of four hospitals operate without a designated security leader, the threat rings true.
“Public cloud is a secure and viable option for many organizations, but keeping it secure is a shared responsibility,” said Firstbrook. “Organizations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”