Emerging trends in security and risk management: Insights from Gartner

In the rapidly evolving digital landscape, companies are making a significant shift towards cloud-based solutions, as the focus moves towards management and security in cloud-delivered services. This transition comes as businesses prioritise security over on-premise software.

One of the key areas of concern is machine identity, which functions similarly to user identity, determining which data or transactions machines should have access to. In the wake of the SolarWinds hack, threat actors exploited the APIs in email access, using them to leapfrog the Office 365 environment. This underscores the importance of securing machine identities in the digital realm.

The pandemic has brought about changes that are shaping security and risk management strategies. With the shift towards remote work, companies are grappling with the lack of physical security, leading to a pivot in data privacy management.

Boards are recognising the need for a liaison between the technical capabilities of the IT department and the security department, with the business knowledge the board possesses. As a result, many companies are adding cyber-specific committees to their board of directors.

Single sign-on and multifactor authentication investments have been underway for years, but monitoring these infrastructures for breaches is a challenge. Network and endpoint detection and response isn't enough; companies need identity detection and response.

Gartner has found many clients are still locked into LAN-centric security and are moving towards composable security services. This shift is driven by the need for flexibility and adaptability in the face of evolving threats.

Cloud access security brokers (CASB) investments are projected to grow, and adoption will continue to increase. These solutions provide companies with a means to secure their cloud applications and data, addressing the security concerns associated with the cloud.

Ransomware threats are emerging trends in security and risk management. Cybercriminals target identity infrastructure, particularly in ransomware attacks, as it allows for privilege escalation. To combat this, companies are investing in breach and attack simulation tools, which provide insight into how an attacker could move through their environment.

The skills gap in security and risk management is widening. To address this, former CISOs are joining more boards and consultants are serving as cyber translators. This means CISOs should expect the cyber literacy of their boards to increase over time.

Businesses have more endpoints due to remote work, and this trend is expected to continue. To manage this, Gartner recommends creating a matrix of policies for remote users to refer to. Additionally, Gartner encourages CISOs to continue presenting cyber risk in the context of overall business risk.

Privacy-enhancement computation tools are used to protect data amid data processing. These solutions are helping companies overcome privacy-, regulatory- and data-secrecy hurdles. As companies consolidate their security solutions, the focus on securing data and maintaining privacy remains paramount.

Gartner expects a 30% increase in fully remote or hybrid workers over the next couple of years. This trend, coupled with the shift towards cloud-based solutions, means that the landscape of security and risk management will continue to evolve. The cybersecurity mesh architecture is partially done through APIs, which calls for a machine identity management program. As companies navigate this new terrain, staying vigilant and adaptable will be key.