The current top trends in security and risk management, covering threats, disruption and the organization, were detailed at the Gartner Security and Risk Virtual Summit.
Speaking at the event, research VP Peter Firstbrook pointed at “mega trends that are beyond your control,” which include: the skills gap, regulation and privacy, application scale and complexity, endpoint diversity, attackers and the impact of COVID-19. He said that COVID-19 has accelerated a lot of the trends Gartner has been seeing in the last 10 years, and if your organization is mature “you’re probably in a good space to handle COVID.”
The top eight trends he cited were as follows:
Extended Detection and Response (XDR) – Firstbrook said this tool is replacing SIEM and SOAR tools and enabling organizations to be “more operationally secure in their operations than by investing and trying to integrate a best of breed set of products.”
He said that XDR unites security tools into a common data format, makes correlations between events, and gives the user an integrated incident response experience where products are combined into one. “Start prioritizing the product that you need to focus in on, so start focusing on where you think it is important to have integrated information and to do incident response,” he said.
Security Process Automation – This is a trend across products, as vendors invest in it to address the skills gap and to make it “easier to get repetitive tasks done.” Firstbrook recommended looking at long manual processes and ways to automate them, and developing a playbook so that the steps to go through are known. Also, look for products with API and automation technology built in.
Securing Artificial Intelligence – Firstbrook said this is becoming a security and risk manager’s responsibility. “A lot of organizations have invested in AI and machine learning, but very few have looked at how that AI might be gained by a malicious attacker,” he said. He recommended looking at machine learning algorithms, and what attacks can be made against them.
Impact of Cyber on the Physical World – This includes IoT and machinery, as Firstbrook said the duties of security and risk managers now extend beyond traditional information security to include safety. This covers factory machinery that is not as well protected, as well as building security, where “siegeware” attackers lock you out of a building or mess with the HVAC system. “These are issues that information security doesn’t address, so we see organizations reorganize and put someone from infosec or cybersecurity to work across disciplines – operational security, supply chain security and product management security,” he said. “These are all areas that need to be addressed that not necessarily are.”
Form Trust and Safety Teams – These teams form a “digital perimeter” which includes the points where the customer interacts with your environment: your call center, website, social media and some physical presences. Firstbrook recommended forming at least a part-time trust and safety team that includes marketing, a brand manager, legal and privacy, “and look at the environment holistically,” and inventorying controls to organize around that.
Privacy – Firstbrook said this is becoming an influential discipline of its own: in the past it has been a part-time job within the organization, but now it is becoming a full-time role. “The reason they are doing this is because organizations are concerned about financial loss, concerned about losing customers and worried about suffering from reputational damage.”
To do this efficiently, businesses should focus on assessing the data and business risk that a business has in its environment. The three areas to focus on are: consent and making sure customers opt in to share data with you, transparency so they know what you’re storing and why you’re storing it, and self-management to be able to manage and delete data.
Secure Access Service Edge (SASE) – Firstbrook said this is enabling your WAN architecture to look more like local area network (LAN) architecture. “So how do you regain visibility and control into these applications and services that exist outside of your environment, with the users that are also outside the environment?” He recommended SASE as the way to do it, as it is the integration of network security controls with new tech like remote access technology and CASB, which merge into a single platform “to provide all of this connectivity across all of the internet, and make the internet feel like your WAN.”
Cloud Workload Protection – This area is seeing a number of disruptive vendors come in, protecting cloud applications from development to production as applications are built bespoke, in containers and across SaaS services. “So you need an inventory of what they are using, where they are and what protocols are they using, and where the credentials are being stored – managing all of that has become very complex,” he said.
In conclusion, Firstbrook recommended taking a step back to “look at the broader picture and not just at individual problems.”