Leadership and Governance
When addressing cybersecurity and technology risk in digital business, improving leadership and governance is arguably more important than developing technology tools and skills. Decision making, prioritization, budget allocation, measurement, reporting, transparency and accountability are key attributes of a successful program that balances the need to protect against the need to run the business.
The Evolving Threat Environment
Advanced threats continue to evolve, and Gartner provides a top-down analysis of the latest trends for addressing these targeted and pervasive mechanisms. We also explore the potential future of threats in 2020, where the blurring of the lines between physical and digital will make safety a primary concern of cybersecurity. Incident response must address recovery and resilience in the face of aggressive business disruption attacks.
Cybersecurity at the Speed of Business
Digital business moves at a faster pace than traditional business, and traditional security approaches designed for maximum control will no longer work in the new era of digital innovation. Business opportunity, development, decision making and expectations will have to be addressed in a timely and efficient manner, requiring new skills and practices. Programs will evolve. Bimodal IT and the emergence of Mode 2 projects in mainstream management will require a new approach to cybersecurity.
Cybersecurity at the New Edge
It was once easy to protect data, because we knew where it was — in the data center. The new edge has pushed far beyond the data center into operational technology, the cloud, SaaS and things. Organizations need to address cybersecurity and risks in technologies and assets they no longer own or control. Business unit IT is a fact in most modern enterprises, and it will not be shut down by cybersecurity and risk concerns. It must be embraced and managed to deliver appropriate levels of protection.
People and Process: Cultural Change
It has been a platitude for years that cybersecurity requires people, process and technology; however, the people and process have not received the same attention as the technology. Cybersecurity in many organizations has been written off as a technical problem, handled by technical people and buried in IT. With the acceleration of digital business and the power technology gives individuals, it is now critical to address behavior change and engagement — from your employees to your customers. Cybersecurity must accommodate and address the needs of people through process and cultural change.