We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in
On Day 1 of the conference, we are highlighting the top cybersecurity trends this year; actions CISOs should take to enable the generative AI journey; and how to address third-party risks.
Key Announcements
Gartner Unveils Top Eight Cybersecurity Predictions for 2024
Top Trends in Cybersecurity for 2024
Presented by
CISOs and their teams are facing disruptions across multiple converging fronts: technological, structural and the human element. Proactive preparation and pragmatic execution are vital to address these disruptions, and deliver an effective, optimized cybersecurity program. In this session,
Key Takeaways
Through 2025, generative AI will cause a spike in the cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security. 'CISOs must update application and data security practices to integrate new attack surfaces such as the prompts or the orchestration layers to instrument AI models.'
'Outcome-driven metrics (ODMs) are operational metrics that enable stakeholders of organizations to establish a direct correlation between their investments in cybersecurity and the level of protection they receive.'
'A defensible cybersecurity program depends on all parties agreeing on what they are willing to spend, based on agreement on the appropriate level of protection.'
'Security behavior and culture programs focus on fostering new ways of thinking and embedding new behavior with the intent to provoke new, more secure ways of working across the organization.'
'Continuous threat exposure management helps security leaders keep up with the pace of change. It not only seeks to address gaps in security controls, but also in risk understanding and response/remediation processes.'
5 Things CISOs Must Do to Enable the GenAI Journey Today
Presented by
With increasing focus on generative AI (GenAI) within organizations, CISOs need to focus on breaking down the hype, knowing best practices, and establishing guardrails around the technology. In this session,
Key Takeaways
'Set clear expectations for GenAI use by defining goals and principles using a collaborative approach. This involves identifying and managing the risks, establishing clear use cases and measuring progress.'
'Establish GenAI governance by defining strategies, ground rules and acceptable use policies to inform users of their obligations. It also provides actionable guidance and transparency to help them decide on proper use and sanctions for misuse.'
'Value traceability to track and explain GenAI processes, including the data it uses and the decisions it makes, to ensure transparency, accountability and trustworthiness.'
'Manage the skills and talents in your team. Reset your expectations on the workforce impact of GenAI - it augments and supports your staff, but it doesn't replace them.'
'Measure the success and expected productivity improvements of your security investments in GenAI by using outcome-driven metrics - such as business value, risk posture and cost.'
Cyberattack, Pandemic and War: Address Third-Party Risks to Ensure Business Resiliency
Presented by
Organizations operate in an uncertain world with a wide range of risks beyond just cyber, such as geopolitical and financial. It's inevitable those risks extend to the third parties organizations engage with. In this session,
Key Takeaways
'An independent assessment of your third-party risks is useful - but the risks you should be worried about depend on your intentions, and your risk appetite. This is largely determined by the countries, laws and regulations you operate in, as well as industry norms.'
'Engage with your stakeholders to define risk parameters and non-negotiable controls, focusing on the crown jewels. Gain the political cover you need by having the board ratify your parameters.'
'There are different risks and controls associated with different types of third parties. SaaS vendors with access to your data, for example, will have different controls than onsite services providers or hardware vendors.'
'Conduct business continuity testing with your third-party vendors to stress test your planning with different disaster scenarios. Having a plan and conducting response exercises significantly improves your overall effectiveness.'
'It's important to monitor your internal controls and build collaborative relationships with your third parties - see them as allies. This can result in a 42% improvement in effectiveness.'
Tune back in tomorrow for more updates from the conference.
(C) 2024 Electronic News Publishing, source