Gartner: 7 Security and Risk Management Trends for 2022

Security and risk management in higher education and other sectors has become increasingly complex, thanks to the ever-expanding digital footprint of modern organizations, according to research firm Gartner. "The pandemic accelerated hybrid work and the shift to the cloud, challenging CISOs to secure an increasingly distributed enterprise — all while dealing with a shortage of skilled security staff," noted Research Vice President Peter Firstbrook. That's a difficult position from which to defend an institution against new and emerging threats.

In a recent report, Gartner outlined seven trends impacting cybersecurity and risk management practices in the coming year. The trends build on and reinforce one another, Firstbrook said: "Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations." Following are key areas to watch and how institutions can adapt their security approaches in response to evolving needs.

1) Attack surface expansion. The use of cyber-physical systems (technologies that utilize sensing, computation, control, networking and analytics to interact with the physical world) and the Internet of Things, open source code, cloud applications, social media and more has resulted in a wider range of security exposures, Gartner said. "Organizations must look beyond traditional approaches to security monitoring, detection and response," the report advised. "Digital risk protection services (DRPS), external attack surface management (EASM) technologies and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps."  

2) Digital supply chain risk. By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, according to a Gartner prediction. "Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor/partner segmentation and scoring, requests for evidence of security controls and secure best practices, a shift to resilience-based thinking and efforts to get ahead of forthcoming regulations," the report said.

3) Identity threat detection and response. "Credential misuse is now a primary attack vector," Gartner said. The research firm uses the term "identity threat detection and response," or ITDR, to describe the tools and best practices needed to defend identity systems. "Organizations have spent considerable effort improving [identity and access management] capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," Firstbrook pointed out. "ITDR tools can help protect identity systems, detect when they are compromised and enable efficient remediation."

4) Distributing decisions. "The scope, scale and complexity of digital business makes it necessary to distribute cybersecurity decisions, responsibility and accountability across the organization units and away from a centralized function," Gartner said. As a result, the role of a cybersecurity leader must evolve from sole decision-maker to more of a facilitator. "By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations," Firstbrook said. "CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs and other business leaders to make their own informed risk decisions."

5) Beyond awareness. Traditional, compliance-centric approaches to security awareness training are ineffective, Gartner said. Instead, the company advised investing in "holistic security behavior and culture programs," which focus on "fostering new ways of thinking and embedding new behavior with the intent to provoke more secure ways of working across the organization."

6) Vendor consolidation. The need to reduce complexity and administrative overhead while increasing effectiveness is driving convergence in security technologies, Gartner said. For example, for many organizations, cloud-delivered secure web gateway, cloud access security broker, zero trust network access and branch office firewall-as-a-service capabilities might all be provided by the same vendor. "Consolidation of security functions will lower total cost of ownership and improve operational efficiency in the long term, leading to better overall security," Gartner asserted.

7) Cybersecurity mesh. "A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they're on-premises, in data centers or in the cloud," Gartner explained. This is important in defining consistent security policies, enabling workflows and exchanging data among security solutions.

The full report is available to Gartner clients here.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].
