[ad_1]
Security and risk management (SRM) leaders must rethink the balance of their investments between technology and human-centric elements as they create and implement cybersecurity programs based on nine industry trends.
That’s according to technology and research consulting firm Gartner, which says that to address cybersecurity risk and maintain an effective cybersecurity program, SRM leaders must focus on three key areas: (i) People are critical to security program success role and sustainability; (ii) technical security capabilities to provide greater visibility and responsiveness across the organization’s digital ecosystem; (iii) reorganization of how the security function operates to Achieve agility.
“A human-centered approach to cybersecurity is critical to reducing security failures,” said Richard Addiscott, senior director analyst at Gartner. “A focus on people in controls design and implementation, as well as through business communications and cybersecurity talent management, will help improve business risk decision-making and cybersecurity personnel retention.”
Here are nine trends that will broadly impact SRM leaders in these three areas:
Trend 1: Human-Centered Security Design
Human-Centered Security Design prioritizes the role of employee experience in the control management lifecycle. By 2027, 50 percent of large enterprise Chief Information Security Officers (CISOs) will adopt human-centered security design practices to minimize friction and maximize controls due to cybersecurity.
“Traditional safety awareness programs have failed to reduce unsafe employee behavior,” Addiscott said. “CISOs must review past cybersecurity incidents to identify the main sources of friction caused by cybersecurity and identify where they can reduce the burden on employees through more human-centered controls, or where there is no significant reduction in risk. remove friction-increasing controls in the absence of
Trend 2: Strengthening People Management for Security Program Sustainability
Traditionally, cybersecurity leaders have focused on improving the technologies and processes that support their initiatives, paying little attention to the people creating those changes. CISOs who adopt a people-centered approach to talent management to attract and retain talent have increased functional and technical maturity. Gartner predicts that by 2026, 60% of organizations will shift from external hiring to “quiet hiring” from internal talent marketplaces to address systemic cybersecurity and recruiting challenges.
Trend 3: Transforming the Cybersecurity Operating Model to Support Value Creation
Technology is moving from central IT functions to lines of business, corporate functions, converged teams and individual employees. A Gartner survey found that 41 percent of employees work in some kind of technology job, a trend expected to continue growing over the next five years.
“Business leaders now generally agree that cybersecurity risk is a top business risk to manage rather than a technology problem to solve,” Addiscott said. “Supporting and accelerating business outcomes is a core cybersecurity priority, but remains the biggest challenge.”
CISOs must revise their cybersecurity operating models to integrate how work is done. Employees must know how to balance many risks, including cybersecurity, financial, reputational, competitive and legal risks. Cybersecurity must also be linked to business value by measuring and reporting success against business outcomes and priorities.
Trend 4: Threat Exposure Management
The attack surface of modern enterprises is complex and prone to fatigue. CISOs must improve their assessment practices to understand the threats they face by implementing a Continuous Threat Exposure Management (CTEM) program. Gartner predicts that by 2026, organizations that prioritize their security investments under a CTEM program will experience two-thirds fewer breaches.
“CISOs must continually improve their threat assessment practices to keep up with their organizations’ evolving work practices, using CTEM methods to assess more than just technical vulnerabilities,” Addiscott said.
Trend 5: Identity Structure Immunity
Fragile identity infrastructure results from incomplete, misconfigured, or vulnerable elements in the identity structure. By 2027, the principles of identity fabric immunity will stop 85% of new attacks, reducing the financial impact of a breach by 80%.
“Identity Fabric Immunity not only protects existing and new IAM components in the Identity Threat and Detection Response (ITDR) fabric, but also strengthens it by completing and properly configuring it,” Addiscott said.
Trend 6: Network Security Verification
Cybersecurity Verification brings together the techniques, processes and tools used to verify how potential attackers exploit identified threat exposures. The tools required for cybersecurity validation have made significant progress in automating repeatable and predictable assessments, enabling regular benchmarking of attack techniques, security controls, and processes. By 2026, more than 40 percent of organizations, including two-thirds of midsize businesses, will rely on consolidated platforms to run cybersecurity validation assessments.
Trend 7: Network security platform integration
As organizations look to simplify operations, vendors are consolidating platforms around one or more major cybersecurity areas. For example, identity security services can be delivered through a common platform that combines governance, privileged access, and access management capabilities. SRM leaders need to continuously take stock of security controls to understand where there is overlap and reduce redundancies by consolidating platforms.
Trend 8: Composable business requires composable security
Organizations must move from relying on a single system to building modular functionality into their applications in response to the ever-accelerating pace of business change. Composable security is an approach to integrating cybersecurity controls into architectural patterns and then applying them at a modular level in composable technology implementations. By 2027, more than 50 percent of core business applications will be built using composable architectures, requiring a new approach to securing these applications.
“Composable security is designed to protect composable businesses,” Addiscott said. “Creating applications using composable components introduces undiscovered dependencies. This represents a significant opportunity for CISOs to embed privacy and security by design by creating component-based, reusable security control objects.”
Trend 9: Boards expand their capabilities in cybersecurity oversight
The board’s increased focus on cybersecurity is being driven by the trend towards clear levels of accountability for cybersecurity, including increased accountability of board members in their governance activities. Cybersecurity leaders must provide reports to the board demonstrating the impact of cybersecurity programs on organizational goals.
“SRM leaders must encourage active board participation in cybersecurity decision-making,” Addiscott said. “Advise the Board of Directors on actions to be taken as strategic advisor, including budget allocation and security resources.” — trade arab news agency
[ad_2]
Source link