More than ever, companies are being called upon to radically change their approach to cybersecurity. Today's increasingly broad and complex digital landscape and the continuing evolution of cyber threats require moving beyond the rigidity of past models and strengthening defenses.
Indeed, modern organizations need to adapt to new scenarios by spotting early the cybersecurity trends that mark the new era of enterprise security. In this article, we report on three of those identified by Gartner in recent reports: minimum effective mindset, identity protection and generative artificial intelligence.
According to Gartner, CISOs must adopt what is known as the minimum effective mindset to maximize the impact of cybersecurity on the business - that is, minimize inputs while optimizing the resources at their disposal to achieve maximum results. This approach finds application on a number of fronts, from software procurement to data collection, from talent recruitment to personnel controls.
Instead of ramping up the number of tools in pursuit of the most innovative solution, enterprise security managers should coordinate their key security solutions and make them communicate with one another to detect threats, defend environments, and respond to breaches. This spares the security team the complexity of an overly elaborate technology stack and avoids interoperability problems between different systems.
Similarly, rather than continuing to seek insight, it is ideal to identify the minimum and essential amount of information needed for defense and to draw a clear line between the budget available for cybersecurity activities and the number of vulnerabilities that can be covered by that budget. The minimum effective mindset theory also works well with employee security policies. It turns out to be essential for a holistic approach to cybersecurity.
According to the Identity Defined Security Alliance, nearly 90 percent of organizations experienced identity theft-based attacks in 2023. With the spread of remote working, growth in cloud adoption and expansion of the corporate perimeter, identity management continues to add complexity and new challenges in accessing corporate resources. Identity theft and account cracking techniques, added to phishing and social engineering, still account for more than 10 percent of all attack types.
Identity and access management and protection have therefore become a key factor in ensuring the security of organizations. Gartner recommends redoubling efforts to implement proper identity hygiene and making this a priority for the security program. To make identity and access management systems more robust, control over access rights must also be extended to the cloud, and advanced threat detection and response capabilities directed specifically at identities must be introduced.
Multi-factor authentication (MFA) solutions are no longer sufficient to ensure effective identity defense: in the face of modern cyber attacks, it is the lack of visibility into user access and behavior that is the main cause of risk. Security leaders must assess the dangers within their environment and understand the intersections of identity, cloud, privacy, and network security by taking an identity-centric approach to security.
If 2023 was the year of the emergence of Generative AI, 2024 is the year of its application. According to Gartner, generative AI is already dominating the technical and product agendas of almost all technology vendors, reshaping growth strategies and daily tools.
Like any new technology, however, GenAI is not risk-free: according to recent McKinsey research, fewer than one-third of companies have taken steps to reduce their use of advanced AI technologies in order to mitigate cybersecurity risks. GenAI does, in fact, introduce new attack surfaces that, as such, need protection.
This requires major changes in application and data security policies and monitoring of user behavior. In particular, security managers should establish clear rules on the use of LLMs and other tools such as ChatGPT by employees to minimize risks, and always include "human" oversight in the processes now entrusted to GenAI.
It is critical, therefore, that security teams continue to adapt security approaches and policies to the changes brought about by new technologies. Also according to Gartner, by 2026, companies that succeed in combining GenAI with an integrated platform-based architecture in behavioral and cultural security programs will achieve a 40 percent reduction in employee-caused cybersecurity incidents.
In such a context, a cyber resilience strategy assumes a key role because it enables enterprises to anticipate, respond to, and recover from the cyber attacks that the adoption of technologies such as Generative AI inevitably brings.