Rethinking Cybersecurity at Gartner Security & Risk Management 2024: Beyond Prevention & Embracing Resilience

CIOs and CISOs are constantly battling a rising tide of risk and cyber threats alongside an increasingly complex infrastructure. At this year’s Gartner® Security & Risk Management Summit, the opening keynote session took this issue head-on. Gartner analysts, Christopher Mixter and Dennis Xu, kicked off this year’s annual conference with a novel idea: augmented cybersecurity.

Now you may be rolling your eyes and thinking that this is going to be a session about artificial intelligence (AI). But it turned out to be much more than that.

So, what does “augmented cybersecurity” mean? In this blog post, we’re summarizing their session, along with some of our key takeaways.

And if you want to view the full keynote, check out Gartner’s recording on YouTube.

Current State: Zero Tolerance for Failure

Mixter and Xu start the keynote by describing our current security environment: a security posture built on a protect-the-perimeter approach, which has been failing for some time and failed even more during the pandemic. The rise and continued staying power of distributed workforces has only accelerated the complexity of our IT environments: “…we find ourselves now defending multiple fronts with very little space between the attackers and the attack surface.”

2024 Gartner Security & Risk Management Keynote slide 75% of cyber pros say most challenging environment in 5 years.

Amidst this growing attack surface, complex infrastructure, budget constraints, and cyber talent shortages, IT and Security teams are under immense pressure with a “zero tolerance for failure” mindset. This includes security leaders.

But this is a flawed mindset. It has driven enterprises to continue adding security tools to their tech stack. Mixter and Xu note that, while prevention is crucial, it’s not the only answer. Spending more and more on prevention won’t solve the problem. The attackers are always innovating, and the attack surface keeps growing.

Maturity in Response and Recovery: The Key to Resilience

How can you move past this flawed mindset?

Mixter and Xu highlighted a recent Gartner cybersecurity controls assessment study showing that organizations ranked response and recovery as more importance than protection, but when compared with the security maturity, there was a significant gap.

2024 Gartner Security & Risk Management Keynote slide - Cybersecurity Controls gap

Reducing this gap needs to be a priority. The key is to reduce the focus on prevention and invest in a holistic cybersecurity approach that includes response and recovery.

This includes having a plan for how to respond to incidents, as well as how to recover from them. Investing in response and recovery will help organizations to be more resilient in the face of cyber attacks.

Leverage a Minimum Set of Tools

This zero-failure, protection-first mindset, Mixter and Xu argue, has led to organizations buying more and more tools to fortify the perimeter. That’s why organizations should adopt a minimum effective toolset approach. This means having just the right amount of cybersecurity tools to effectively protect and defend the organization, freeing up resources and allowing security teams to focus on other important tasks.

How can you achieve this? Here are some tips to get you started:

  • Create an inventory of all the cybersecurity tools currently being used.
  • Understand which tools you’re using for controls or to manage your risk.
  • Evaluate tools that offer overlapping functionality for risk management and security controls and the value of each tool. Assess if you can get rid of any tools that are not adding value or offer security capabilities in another tool.
  • Be more selective about new cybersecurity tools. Only purchase tools that are necessary to fill gaps in the organization’s defenses.

2024 Gartner Security & Risk Management Keynote slide - Toolset Evaluation

Building a Resilient Workforce: Culture is Key

Finally, organizations need a resilient cyber workforce, and that starts with building a culture that supports resilience. Instead of punishing failure or rewarding heroism, consider praising experimentation, even if it fails.

Part of this means leveraging AI for cybersecurity. Gartner predicts that by 2026, AI will increase the efficiency of the Security Operations Center by 40% compared to 2024. Mixter and Xu talks about finding efficiencies with generative AI (genAI). Within Security Operations, this can mean script analysis, incident summarization, knowledge discovery, and guided hunting. These kinds of genAI use cases can help reduce the stress and pressure on IT and security teams, augmenting their skills and enabling enterprises to see productivity gains at the same time.

Conclusion

Mixter and Xu ends their keynote by summarizing augmented cybersecurity: “the sustainable way to defend the enterprise because it elevates response and recovery to equal status with…prevention.” By investing in response and recovery capabilities, building a resilient workforce, and fostering a culture that values learning from mistakes, we can strengthen our defenses and better protect our organizations. Because cybersecurity is not just about preventing attacks – it’s about being prepared for the inevitable and having the resilience to bounce back stronger.

The presentation has much more content than we were able to cover in this short blog post, so check out the full recording here.

If your organization is looking to manage and secure its devices, consolidate endpoint and vulnerability management, and automate hundreds of processes to alleviate the burdens on your IT and cyber workforce, check out Syxsense.

 

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.