INSIGHT BY GARTNER

Gartner Security & Risk Management Summit: The New World of Cyber

This content is sponsored by Gartner

Cybersecurity has never been more relevant than in the past year. With crippling ransomware attacks, and now Spectre and Meltdown, security and risk management leaders must agree on how to define and address risks and threats in a new digital environment. The mission of cybersecurity must evolve to accommodate these concerns.

The annual Gartner Security & Risk Management Summit, taking place June 4-7 in National Harbor, Maryland, goes beyond demos and new product announcements to explore the best practices needed to successfully combat the new security threats all organizations face today.

Through the expertise of Gartner analysts and guest speakers, real world solutions from over 150 technology providers and networking opportunities with over 3.400 security professionals, the 2018 Gartner Security & Risk Management Summit highlights how digital transformation and new cyberattacks have changed the way enterprises protect against threats.

Jeffrey Wheatman, research director at Gartner and conference chair for the Gartner Security & Risk Management Summit, outlines some of the current and future needs facing IT as the threat landscape evolves.

Q: Cyberattacks are making the front pages on a regular basis. What does this climate of continuous risk mean for security leaders?

A: Organizations have tended to focus on stopping data breaches, despite the fact that it’s a losing battle. Leaders need to focus on supporting business resiliency and responding to cyberattacks, including ransomware, denial-of-service outages and other types of attacks. Additionally, it’s important to craft and implement strategic plans that balance prevention, detection, response and recovery.

We know that cyberattacks can be extremely costly, with significant consequences for businesses and security leaders. Insurance companies are insisting on high deductibles when these attacks occur to encourage businesses to make appropriate investments in security. Senior executives — not just CIOs — are losing their jobs over data breaches, and there’s an increasing impact on intangibles, such as brand reputation, that can be difficult to quantify.

Q: As risk exposure increases, how can organizations secure the entire digital supply chain?

A: New tools are emerging to help enterprises better understand their risk exposure throughout multilayered risk environments. One important step is to implement a strategy called CARTA (continuous adaptive risk and trust assessment). This is a strategic, continuous and proactive approach to help better manage the risks associated with digital business ecosystems. It means identifying issues early, stopping what you should and responding to what cannot be prevented.

Levels of trust and risk associated with digital business entities and their actions are dynamic, and need to be assessed continuously as interactions happen and context changes. CARTA, together with investments in people, process and tools, can help keep up with complex ecosystems and continuous change.

Q: What trends are impacting security and risk management strategies this year?

A: Data protection is evolving to include emerging technologies such as artificial intelligence and machine learning, blockchain, OT-IT convergence, advanced analytics, and the pervasive presence of mobile, cloud and the Internet of Things. These technologies are bringing new opportunities, as well as new risks and challenges. For example, the highly skilled talent that’s needed to support these new technologies is becoming very scarce. However, companies can do more with some of their existing resources.

Cloud security has evolved in a positive direction. Cloud solutions are now at a point where it’s time to dive in and start investing. Subscription and pay-as-you-go security technologies enable organizations to skip the long and costly RFP process, and give more options for meeting the needs of expanding digital businesses.

The Gartner Security & Risk Management isn’t only about combatting the next data breach, Whether you’re a CISO looking to improve your leadership skills, a security professional who needs practical advice to accelerate progress on your next initiative or a BCM leader trying to implement resilience practices across the organization, you’ll find your program, peers and strategic partners at the Gartner Security & Risk Management Summit.