• Bookmark me

      |

      Share on

      FEATURED STORY OF THE WEEK

      What Gartner’s 2022 Security Risk Predictions Mean for Your Business

      Written by :
      Team Uvation
      | 7 minute read
      |September 16, 2023 |
      Industry : financial-services
      What Gartner’s 2022 Security Risk Predictions Mean for Your Business

      An unprecedented 30 billion records were exposed in data breaches in 2020, driven in part by ongoing disruptions caused by COVID-19 that continued the following year. Today, the threats to modern industries and supply chains are only growing as new and more frequent attacks are on the horizon, according to recent findings from leading cybersecurity publications.

       

      “Supply chain attacks, misinformation campaigns, mobile malware and larger scale data breaches are just some of the threats to watch for [in 2022],” says TechRepublic, where “Cyberattacks no longer just impact the targeted organization but often have a ripple effect that harms partners, providers, customers and others along the supply chain.”

       

      As 2022 begins, the most recent thought leadership on cybersecurity trends are emerging from Gartner. Among other predictions, Gartner anticipates an evolution of cybersecurity characterized by vendor consolidation, more holistic security strategies that incorporate human elements more deliberately, and a “move beyond cybersecurity and into organizational resilience to account for broader security environments,” as described in their October 2021 article.

       

      But how can companies of all sizes achieve the “organizational resilience” they need to operate safely in modern technology ecosystems? Here we synthesize the latest findings from Gartner, Forrester, and other publications and provide recommendations so you can proactively prepare for upcoming cybersecurity threats.

       

      2021 in Review: The State of Threats and Defense

       

      By October 2021, the rate of daily cyberattacks had grown to about 2,200, Security Magazine reports. Cybercriminals took advantage of COVID-19 disruptions—especially organizations’ shift to hybrid work models, which left many exposed to ransomware—resulting in dozens of high-profile losses as well as thousands of lesser-known events.

       

      “Over the past two years, the typical enterprise has been turned inside out,” says Peter Firstbrook, VP Analyst at Gartner in November 2021. “As the new normal of hybrid work takes shape, all organizations will need an always-connected defensive posture and clarity on what business risks remote users elevate to remain secure.”

       

      In addition to knowledge workers accessing corporate networks from remote locations, digital assets are increasingly located outside of traditional enterprise infrastructure as well. These shifts add business agility, but expose new vulnerabilities so that a traditional perimeter defense approach is no longer sufficient; “identity-first security” takes on new precedence instead.

       

      The convergence of digital services introduces new opportunities a well as cybersecurity vulnerabilities, where APIs each represent a “machine identity” that need to be authenticated. Cybersecurity experts and business users must both change their perspective on security as a result, focusing and building awareness of entity authentication as a new imperative.

       

      Even so, security awareness and training (SA&T) has lagged in terms of its sophistication, failing in many cases to evolve to accommodate these new types of dangers. “The [SA&T] market is full of legacy vendors whose offerings are out of date and out of touch with users,” explained Forrester in November 2021, where these models often lack compelling methods for business user engagement and proactive learning.

       

      A growing diversity of threats in combination with proliferating vendors of dedicated cybersecurity solutions is driving security teams to consolidate vendors into single, holistic solutions instead. “Most organizations recognize vendor consolidation as an avenue for more efficient security, with 80% executing or interested in a strategy for this,” Gartner described in November 2021. Although successful consolidation of this kind may take years, “more streamlined operations and reduced risk are often more achievable” as a result.

       

       

      Fortunately, there are only a few major concepts to keep in mind as you and your security teams begin conversations about your own information security transformation in 2022. Here are five trends and insights you can use to build security, resiliency, and confident within your organization.

       

      Trend #1: A Shift to Mesh Architecture to Protect Hybrid Workforces

       

      Hybrid work models whereby large portions of a workforce work remotely some or all of the time are becoming a permanent fixture across industries, “with more than 75% of knowledge workers expecting future hybrid work environments,” Gartner reported in November 2021. Although this shift caused major security issues in 2020 and 2021, security teams at leading enterprise are “rebooting” their security approaches, in many cases with mesh architectures.

       

      In their October 2021 article, Gartner predicts organizations that have adopted cybersecurity mesh architectures will reduce the financial impact of security incidents by 80% on average by 2024. These architectures feature distributed network security measured focused on protecting human and machine “identities” rather than taking a traditional, “network perimeter” approach.

       

      Trend #2: Alignment of Security with Products and Business Decision Making

       

      Business leaders will rightly perceive security as a “revenue driver” rather than a cost center, and align security initiatives with the development of key lines of business accordingly. Security will therefore play a primary, active role in the development of new products and business initiatives rather than a secondary, “defensive” role.

       

      Security will be integral to everyday business processes as well, not just as a gateway at users’ or machines’ points of entry. “Privacy-enhancing computation techniques that protect data while it’s being used—as opposed to while it’s at rest or in motion—enable secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments,” as Gartner described in November 2021.

       

      Trend #3: Prioritization of Cybersecurity within Executive Decision Making

       

      As businesses come to terms with the potential financial, customer trust, and public relations costs of modern cyberattacks, they will increasingly include cybersecurity concerns in board-level discussions. “By 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member,” Gartner predicts in their October 2021 article.

       

      Cybersecurity oversight will become stricter as a result. Team leaders and employees can expect more regular cybersecurity audits and trainings. Leading organizations will provide user-friendly resources and support, and ensure individual security best practices become a welcome, practical function of employees’ everyday responsibilities.

       

      Trend #4: Increases in High-Impact Supply Chain Attacks

       

      Supply chain attacks are growing as criminals acknowledge them as high-impact targets. Indeed, as we’ve learned in 2020 and 2021, supply chain disruptions resonate across industries; supply chains are vulnerable to just about any kind of attack as well, where partner networks can have any number of data breach, malware, or ransomware exposures.

       

      In addition to ramping up identity-based security measure in partner ecosystems, companies will increasingly choose their supply chain partners based on the quality of their security. “By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements,” reports Gartner in their October 2021 article, where even investors will look to companies’ supply chain security as they consider investment opportunities.

       

      Trend #5: New Adaptive Strategies and Training Methods

       

      Both company leaders and security teams will begin to perceive security as an adaptive aspect of business. Security leaders will increasingly approach security strategy based on “measured human risk” through analysis of actual employee behavior rather than testing or quizzing employees. “This gives CISOs invaluable data about the risky behaviors they need to manage, allowing them to focus training resources or uplift security capabilities if required,” as Forrester described in November 2021.

       

      Security audits and penetration tests (i.e., “pen tests”) will become more common, increasing in frequency from an annual to a quarterly basis. Audits will increasingly involve the participation of supply chain and other partners, including third-party security consultants and experts who deliver unique expertise unavailable among internal security teams.

       

      Conclusion: Identity on the Front Line

       

      “Human risk quantification… is a security-program imperative,” claims Forrester. Indeed, security leaders must reconceptualize cybersecurity measures to focus on individual users, applications, and machines as bad actors’ points of entry. But changing individual behaviors requires a willingness among senior leaders to implement top-down cultural and training initiatives.

       

      Uvation Can Help You Transform Your Security Environment

       

      Uvation helps enterprise leaders across the globe as they optimize their security environments, consolidate vendor solutions, and move to change their internal culture to face future security challenges. Contact one of our security experts to learn more.

       

      Bookmark me

      |

      Share on

      More Similar Insights and Thought leadership

      The Rise of Neobanks and Cloud-Native Financial Services

      The Rise of Neobanks and Cloud-Native Financial Services

      Explore the rise of cloud-native neobanks and the success factors for thriving in the digital banking industry.

      9 minute read

      Financial Services

      Cybersecurity in banking: Challenges and best practices for 2023

      Cybersecurity in banking: Challenges and best practices for 2023

      Cybersecurity in banking is critical as cybercriminals increasingly target banks, credit unions, and other financial institutions (FIs).

      7 minute read

      Financial Services

      The Top 2022 Cybersecurity Trends in Banking and Finance

      The Top 2022 Cybersecurity Trends in Banking and Finance

      As the cybersecurity landscape continues to evolve, banks and financial institutions become more desirable and vulnerable targets for cybercriminals leveraging ever more sophisticated capabilities. These bad actors are attracted to banks and financial institutions because of the large sums of money they handle and the valuable personal and institutional data they store. As a result, cybersecurity must become a top strategic priority for these organizations.

      7 minute read

      Financial Services

      Closing the Tech Talent Gap: Recruiting and Retaining Workers with Leading Technical Skills

      Closing the Tech Talent Gap: Recruiting and Retaining Workers with Leading Technical Skills

      In 2021, roughly 3.9 million workers quit their jobs every month, breaking the previous record of 3.5 million in 2019, SHRM reports. This was in part due to the increasing demand for technical talent and the lack of qualified candidates to fill these positions. In December 2021,

      6 minute read

      Financial Services

      Branches 2.0: The Reemerging Relevance of Physical Banking

      Branches 2.0: The Reemerging Relevance of Physical Banking

      With the advent of digital banking, more and more people are banking remotely via their personal computers and mobile devices. But while digital banking options have been on the rise for years, physical bank and credit union branches are still important to consumers.

      6 minute read

      Financial Services

      Establishing Telehealth Successfully in Modern Patient Care

      Establishing Telehealth Successfully in Modern Patient Care

      In 2022, patients and healthcare providers have come to accept telehealth as a legitimate tool in clinical care. McKinsey reports a 38-times increase of telehealth usage versus before the pandemic as well, driven in part by mobility restrictions associated with the COVID-19 pandemic.

      7 minute read

      Financial Services

      How AI Will Transform the World in the Next 30 Years

      How AI Will Transform the World in the Next 30 Years

      Today’s smart digital technologies have been critical to overcoming the early disruptions of the 2020s. Artificial intelligence (AI) is at the heart of this transformation, where 50% of companies had already adopted AI in at least one business function in 2020, McKinsey reports. Modern applications include manufacturing, customer service,

      9 minute read

      Financial Services

      uvation