We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in Sydney, Australia. Below is a collection of the key announcements and insights coming out of the conference.

On Day 1 of the conference, we are highlighting the top cybersecurity trends this year; actions CISOs should take to enable the generative AI journey; and how to address third-party risks.

Key Announcements

Gartner Unveils Top Eight Cybersecurity Predictions for 2024

Top Trends in Cybersecurity for 2024

Presented by Richard Addiscott, Senior Director Analyst, Gartner

CISOs and their teams are facing disruptions across multiple converging fronts: technological, structural and the human element. Proactive preparation and pragmatic execution are vital to address these disruptions, and deliver an effective, optimized cybersecurity program. In this session, Richard Addiscott, Senior Director Analyst at Gartner, discussed the significant trends in security and risk management and how organizations can take advantage of them to drive cybersecurity outcomes.

Key Takeaways

Through 2025, generative AI will cause a spike in the cybersecurity resources required to secure it, causing more than a 15% incremental spend on application and data security. 'CISOs must update application and data security practices to integrate new attack surfaces such as the prompts or the orchestration layers to instrument AI models.'

'Outcome driven metrics (ODMs) are operational metrics that enable stakeholders of organizations to establish a direct correlation between their investments in cybersecurity and the level of protection they receive.'

'A defensible cybersecurity program depends on all parties agreeing on what they are willing to spend, based on agreement on the appropriate level of protection.'

'Security behavior and culture programs focus on fostering new ways of thinking and embedding new behavior with the intent to provoke new, more secure ways of working across the organization.'

'Continuous threat exposure management helps security leaders keep up with the pace of change. It not only seeks to address gaps in security controls, but also in risk understanding and response/remediation processes.'

5 Things CISOs Must Do to Enable the GenAI Journey Today

Presented by Manuel Acosta, Senior Director Analyst, Gartner

With increasing focus on generative AI (GenAI) within organizations, CISOs need to focus on breaking down the hype, knowing best practices, and establishing guardrails around the technology. In this session, Manuel Acosta, Senior Director Analyst at Gartner, detailed 5 things CISOs must do to prepare and enable their organization for GenAI.

Key Takeaways

'Set clear expectations for GenAI use by defining goals and principles using a collaborative approach. This involves identifying and managing the risks, establishing clear use cases and measuring progress.'

'Establish GenAI governance by defining strategies, ground rules and acceptable use policies to inform users of their obligations. It also provides actionable guidance and transparency to help them decide on proper use and sanctions for misuse.'

'Value traceability to track and explain GenAI processes, including the data it uses and the decisions it makes, to ensure transparency, accountability and trustworthiness.'

'Manage the skills and talents in your team. Reset your expectations on the workforce impact of GenAI - it augments and supports your staff, but it doesn't replace them.'

'Measure the success and expected productivity improvements of your security investments in GenAI by using outcome-driven metrics - such as business value, risk posture and cost.'

Cyberattack, Pandemic and War: Address Third-Party Risks to Ensure Business Resiliency

Presented by Luke Ellery, VP Analyst, Gartner

Organizations operate in an uncertain world with a wide range of risks beyond just cyber, such as geopolitical and financial. It's inevitable those risks extend to the third parties organizations engage with. In this session, Luke Ellery, VP Analyst at Gartner, outlined how security and risk management leaders can address emerging third-party risks and establish effective controls to build a resilient third-party ecosystem and avoid business disruption.

Key Takeaways

'An independent assessment of your third-party risks is useful - but the risks you should be worried about depend on your intentions, and your risk appetite. This is largely determined by the countries, laws and regulations you operate in, as well as industry norms.'

'Engage with your stakeholders to define risk parameters and non-negotiable controls, focusing on the crown jewels. Gain the political cover you need by having the board ratify your parameters.'

'There are different risks and controls associated with different types of third parties. SaaS vendors with access to your data, for example, will have different controls than onsite services providers or hardware vendors.'

'Conduct business continuity testing with your third-party vendors to stress test your planning with different disaster scenarios. Having a plan and conducting response exercises significantly improves your overall effectiveness.'

'It's important to monitor your internal controls and build collaborative relationships with your third parties - see them as allies. This can result in a 42% improvement in effectiveness.'

Tune back in tomorrow for more updates from the conference.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization's mission-critical priorities. To learn more, visit gartner.com.

(C) 2024 Electronic News Publishing, source ENP Newswire