Gartner: 7 Security and Risk Management Trends for 2022 – Campus Technology

Research

Gartner: 7 Security and Risk Management Trends for 2022

lock icons over hands on laptop keyboard

Security and risk management in higher education and other sectors has become increasingly complex, thanks to the ever-expanding digital footprint of modern organizations, according to research firm Gartner . “The pandemic accelerated hybrid work and the shift to the cloud, challenging CISOs to secure an increasingly distributed enterprise — all while dealing with a shortage of skilled security staff, ” noted Research Vice President Peter Firstbrook. That’s a difficult position from which to defend an institution against new and emerging threats.

In a recent report , Gartner outlined seven trends impacting cybersecurity and risk management practices in the coming year. The trends build on plus reinforce one another, Firstbrook said: “Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations. ” Following are key areas to watch and how institutions can adapt their security approaches in response to evolving needs.

1) Attack surface expansion. The use of cyber-physical systems (technologies that utilize sensing, computation, control, networking and analytics to interact with the physical world) and the Internet of Things, open source code, cloud applications, social media and more has resulted in a wider range of security exposures, Gartner said. “Organizations must look beyond traditional approaches to security monitoring, detection and response, ” the report advised. “Digital risk protection services (DRPS), external attack surface management (EASM) technologies plus cyber asset attack surface area management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps. ”  

2) Digital supply chain risk. By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, according to a Gartner prediction. “Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor/partner segmentation and scoring, requests for evidence of security controls and secure best practices, a shift to resilience-based thinking and efforts to get ahead of forthcoming regulations, ” the report stated.

3) Identity threat detection and response. “Credential misuse is now a primary attack vector, ” Gartner said. The research firm uses the term “identity danger detection and response, inch or ITDR, to describe the tools and best practices needed to defend identity systems. “Organizations have spent considerable effort improving [identity and access management] capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure, ” Firstbrook pointed out. “ITDR tools can help protect identity systems, detect when they are compromised plus enable efficient remediation. ”

4) Distributing decisions. “The scope, scale and complexity associated with digital business makes it necessary to distribute cybersecurity decisions, responsibility and accountability across the organization units and away from a centralized function, ” Gartner said. As a result, the role of a cybersecurity leader must evolve from sole decision-maker to more of a facilitator. “By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations, ” Firstbrook said. “CISOs must reconceptualize their responsibility matrix in order to empower Boards of Directors, CEOs and other business leaders to make their own informed risk decisions. ”

5) Beyond awareness. Traditional, compliance-centric approaches to protection awareness training are ineffective, Gartner said. Instead, the company advised investing in “holistic safety behavior and culture programs, ” which focus on “fostering new ways of thinking and embedding new behavior with the intent to provoke more secure ways of working across the organization. inch

6) Vendor consolidation. The need to reduce complexity and administrative overhead while increasing effectiveness is driving convergence in security technologies, Gartner said. For example , for many organizations, cloud-delivered safe web gateway, cloud access security broker, zero trust network access and branch office firewall-as-a-service capabilities might all be provided by the same vendor. “Consolidation of protection functions will lower total cost of ownership and improve operational efficiency in the long term, leading to better overall security, ” Gartner asserted.

7) Cybersecurity mesh. “A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure plus posture to secure all assets, whether they’re on-premises, in data centers or in the cloud, ” Gartner explained. This is important in defining consistent security policies, enabling workflows and exchanging data among security solutions.

The full report is available to Gartner clients here .

About the Author

About the author: Rhea Kelly is editor in chief for Campus Technology. She can be reached at [email protected] .