Gartner: 7 Security and Risk Management Trends for 2022

lock icons over hands on laptop keyboard

Security and risk management in higher education and other sectors has become increasingly complex, thanks to the ever-expanding digital footprint of modern organizations, according to research firm Gartner. "The pandemic accelerated hybrid work and the shift to the cloud, challenging CISOs to secure an increasingly distributed enterprise — all while dealing with a shortage of skilled security staff," noted Research Vice President Peter Firstbrook. That's a difficult position from which to defend an institution against new and emerging threats.

In a recent report, Gartner outlined seven trends impacting cybersecurity and risk management practices in the coming year. The trends build on and reinforce one another, Firstbrook said: "Taken together, they will help CISOs evolve their roles to meet future security and risk management challenges and continue elevating their standing within their organizations." Following are key areas to watch and how institutions can adapt their security approaches in response to evolving needs.

1) Attack surface expansion. The use of cyber-physical systems (technologies that utilize sensing, computation, control, networking and analytics to interact with the physical world) and the Internet of Things, open source code, cloud applications, social media and more has resulted in a wider range of security exposures, Gartner said. "Organizations must look beyond traditional approaches to security monitoring, detection and response," the report advised. "Digital risk protection services (DRPS), external attack surface management (EASM) technologies and cyber asset attack surface management (CAASM) will support CISOs in visualizing internal and external business systems, automating the discovery of security coverage gaps."  

2) Digital supply chain risk. By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, according to a Gartner prediction. "Digital supply chain risks demand new mitigation approaches that involve more deliberate risk-based vendor/partner segmentation and scoring, requests for evidence of security controls and secure best practices, a shift to resilience-based thinking and efforts to get ahead of forthcoming regulations," the report said.

3) Identity threat detection and response. "Credential misuse is now a primary attack vector," Gartner said. The research firm uses the term "identity threat detection and response," or ITDR, to describe the tools and best practices needed to defend identity systems. "Organizations have spent considerable effort improving [identity and access management] capabilities, but much of it has been focused on technology to improve user authentication, which actually increases the attack surface for a foundational part of the cybersecurity infrastructure," Firstbrook pointed out. "ITDR tools can help protect identity systems, detect when they are compromised and enable efficient remediation."

4) Distributing decisions. "The scope, scale and complexity of digital business makes it necessary to distribute cybersecurity decisions, responsibility and accountability across the organization units and away from a centralized function," Gartner said. As a result, the role of a cybersecurity leader must evolve from sole decision-maker to more of a facilitator. "By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of digital organizations," Firstbrook said. "CISOs must reconceptualize their responsibility matrix to empower Boards of Directors, CEOs and other business leaders to make their own informed risk decisions."

5) Beyond awareness. Traditional, compliance-centric approaches to security awareness training are ineffective, Gartner said. Instead, the company advised investing in "holistic security behavior and culture programs," which focus on "fostering new ways of thinking and embedding new behavior with the intent to provoke more secure ways of working across the organization."

6) Vendor consolidation. The need to reduce complexity and administrative overhead while increasing effectiveness is driving convergence in security technologies, Gartner said. For example, for many organizations, cloud-delivered secure web gateway, cloud access security broker, zero trust network access and branch office firewall-as-a-service capabilities might all be provided by the same vendor. "Consolidation of security functions will lower total cost of ownership and improve operational efficiency in the long term, leading to better overall security," Gartner asserted.

7) Cybersecurity mesh. "A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they're on-premises, in data centers or in the cloud," Gartner explained. This is important in defining consistent security policies, enabling workflows and exchanging data among security solutions.

The full report is available to Gartner clients here.

About the Author

Rhea Kelly is editor in chief for Campus Technology, THE Journal, and Spaces4Learning. She can be reached at [email protected].

Featured

  • Global AI vibrancy ranking

    United States Leads in Stanford HAI Global AI Ranking

    A new ranking tool from the Stanford Institute for Human-Centered AI (HAI) AI Index puts the United States in the No. 1 spot for global AI leadership.

  • person signing a bill at a desk with a faint glow around the document. A tablet and laptop are subtly visible in the background, with soft colors and minimal digital elements

    California Governor Signs AI Content Safeguards into Law

    California Governor Gavin Newsom has officially signed off on a series of landmark artificial intelligence bills, signaling the state’s latest efforts to regulate the burgeoning technology, particularly in response to the misuse of sexually explicit deepfakes. The legislation is aimed at mitigating the risks posed by AI-generated content, as concerns grow over the technology's potential to manipulate images, videos, and voices in ways that could cause significant harm.

  • pattern featuring interconnected lines, nodes, lock icons, and cogwheels

    Red Hat Enterprise Linux 9.5 Expands Automation, Security

    Open source solution provider Red Hat has introduced Red Hat Enterprise Linux (RHEL) 9.5, the latest version of its flagship Linux platform.

  • MathGPT

    MathGPT AI Tutor Now Out of Beta

    Ed tech provider GotIt! Education has announced the general availability of MathGPT, an AI tutor and teaching assistant for foundational math support.