Next DLP Blog

2023 Gartner Security & Risk Management Summit: 3 Takeaways

Written by Lauren Koppelman | Jun 9, 2023 4:41:36 PM

TL;DR:

  • The Gartner Security and Risk Management Summit emphasized the need for a minimum effective mindset in cybersecurity.
  • Leveraging artificial intelligence (AI) is crucial for organizations to enhance efficiency and accuracy in threat detection and response.
  • Empowering a positive security culture and involving the business in risk management is key to getting people to care about security.
  • The summit provided valuable insights and takeaways for attendees to strengthen their security posture.

The Gartner Security and Risk Management Summit brought together industry experts, professionals, and thought leaders in cybersecurity and risk management. With diverse sessions and engaging discussions, the summit provided valuable insights and key takeaways for attendees.

This blog post will explore noteworthy lessons from the summit and their implications for organizations.

1. A Minimum Effective Mindset:

A resounding theme throughout the summit was the recognition that to get the maximum impact, cybersecurity needs to take on a minimum effective mindset across business engagement, technology, and talent. Minimum effective is a deliberate, ROI-driven approach leading cybersecurity into the future.

In Monday’s keynote, Four Cybersecurity Myths were examined through the minimum effective mindset lens.

  1. Myth - More data equals better protection. Instead of just more data, savvy cybersecurity shops must pursue the least amount of information needed to help draw a line between the enterprise’s funding of cybersecurity and the amount of vulnerability that funding addresses.
  2. Myth - More technology equals better protection. Could it really be true that just around the corner, some technology is coming to save us? This is never true. This mindset causes us to buy and acquire solutions before we are quite sure how or whether there will truly be additive value. 
  3. Myth - More cybersecurity pros equals better protection. In today’s challenging cybersecurity labor market, where some sources say there are over 3 million unfilled roles, there is simply no way to scale our services to match the pace of the enterprise just by hiring more cybersecurity pros.
  4. Myth - More controls equals better protection. Employees report a huge amount of friction involved with secure behavior. Controls that are circumvented are worse than no controls at all.

2. Leveraging Artificial Intelligence:

As the cybersecurity landscape becomes increasingly complex, automation and artificial intelligence (AI) are essential tools for organizations. AI-powered solutions can enhance efficiency and accuracy from threat detection and response to managing security operations. The summit highlighted the importance of integrating automation and AI technologies into security strategies for faster and more effective incident response. In particular, Dennis Xu’s “How ChatGPT Can Improve Security Operations” session was the most densely attended at the summit. Standing room only is an understatement; the room was so packed that the door staff had to turn people away to keep the room safe.

3. How to Get People to Care About Security and Risk:

Empowering a positive security culture took center stage at the summit, emphasizing the opportunity for organizations to push security decisions out to the business. By partnering with the business on key outcomes, using emotive messages to get employees to take notice and delivering instant gratification, organizations can make better decisions, allocate resources appropriately, and proactively address potential threats. In her keynote, Mary Mesaglio talked about thoughtfully integrating the business into the overall risk management strategy through humorous “Chocolate versus Kale” analogies, but also by showing that when employees see cybersecurity as their responsibility, their behavior becomes more secure.

Conclusion:

The Gartner Security and Risk Management Summit offered invaluable insights and takeaways for attendees. From the importance of a minimum effective mindset to artificial intelligence use cases and getting people to care about security, attendees were empowered with the knowledge and tools to strengthen their security posture.