Felipe Contin Sampaio 3:26 PM (0 minutes ago) to me

BR +55 11 3069 3925 | USA +1 469 620 7643

How important is Gartner to the cybersecurity universe?

by | Jul 12, 2019 | BLOG

Every day, new news about data leaks in organizations of all sizes and different industries is emerging. According to Accenture’s 2019 Cost of Cybercrime report, the number of leaks increased by 11% between 2017 and 2018, and 67% over the last 5 years. The trends show that this number will continue to increase considering the evolution not only of the amount of data available, but also of devices connected to the infrastructure of organizations, including mobile, Industry 4.0, and Internet of Things devices. 

Aspects related to cybersecurity have become a challenge for organizations, affecting even the continuity of their businesses. In addition, CISOs increasingly view cybersecurity as a business risk to be addressed, and customers require organizations to be better prepared to protect their personal data, including their consumer and trust relationships. Finally, regulations such as GDPR (Europe), LGPD (Brazil) and CACC (the State of California, United States) have also been showing that governments are taking cybersecurity and privacy seriously.

Considering the increase in cybersecurity risks, it is a business must for information security executives to mitigate these risks, thus allowing business continuity and increasing the confidence of its customers, employees, partners, and suppliers.  In this scenario, more than 15,000 organizations in more than 100 countries rely on Gartner as a consultant for strategic decision-making not only in cybersecurity but in countless other subjects such as Human Resources, Finances and Risk and Audit. But what is Gartner after all?

Gartner, Inc., or simply Gartner, was founded exactly 40 years ago by Gideon Gartner in the US city of Stamford, Connecticut. Its numbers impress: a team of more than 15,000 associates is responsible for bringing more than $4 billion in annual revenue, according to its website. The programs and services offered by Gartner include research, consulting, and events. Its tools include the Hype Cycle, as well as Market Guides and Magic Quadrants, allowing organizations to visualize the results of market analysis and a range of solutions for decision-making strategies, including those linked to cybersecurity. Gartner events are marked on the calendars of most executives across the globe and are held year-round across four continents. In Brazil, Gartner annually organizes the IT Symposium/Xpo conferences as well as Security and Risk Management conferences. In the latter, CISOs have the opportunity to exchange experiences and also discover the latest security trends for Cloud, Artificial Intelligence, Internet of Things, Blockchain, DevOps, as well as the main challenges in Information Security for executives and their organizations.

According to Gartner, by 2022, the ratings related to cybersecurity will become as important as those associated with credit, considering the assessment of these risks to establish business relationships. The big challenge for organizations in this new digital era is to turn cybersecurity risk management into a competitive benefit for business leverage. 

Gartner also sees IT strategies increasingly aligned with business goals. In this scenario, the skills of leaders in Information Security and Risk Management become essential in presenting these aspects in an assertive way to support the strategic decision-making process in companies. In short, it is necessary that the areas of Information Technology and Security are close to top management and should be considered not only as a means to introduce solutions to technical problems but to allow organizations to achieve their business goals.

Considering this paradigm shift, Gartner has introduced a strategic approach to Cybersecurity Risk Management in 2017, called the Continuous Adaptive Risk and Trust Assessment (CARTA). This approach is based on new Zero Trust models, which, unlike the old “trust, but verify” concept models, eliminate security perimeter concepts that delimit the environment into reliable and unreliable, and turn everything and everyone into possible threats to the organization.

Thus, it is believed that CISOs must review their threat detection and response strategies. These strategies require new investments in their Security Operations Centers (SOCs) so that they are able not only to prevent but also to detect and respond to threats. And this is not an easy challenge to overcome, considering that these threats can be not only outside the environment but also within it. Gartner estimates that by 2022, 50% of all SOCs will have the ability to detect and respond appropriately to security incidents, including using Artificial Intelligence and Machine Learning concepts.  

Thus, it is possible to say that the scale and scope of cyber threats are far from decreasing. As new technologies are introduced, they bring with them new threats to companies. In addition – considering cybersecurity risks not only as technical aspects but as paramount to business continuity – it is essential that Information Technology and Security leaders align with the top management and business goals. In this scenario, Gartner emerges as a key player in helping these leaders define new strategies based on best practices in cybersecurity, using solutions that adequately address threats and are adherent to their businesses, and promote the exchange of experience between executives from different countries and industries. Thus, it can be assumed that it will be possible to appropriately identify and mitigate Information Security risks by enabling these organizations to maintain the satisfaction of their customers, employees, partners, and suppliers, and thereby ensure that they achieve their business goals.

The main causes of data leaks

Data leaks occur whenever a user or organization has their sensitive information exposed, putting the security and privacy of companies and people at risk. Know more! The Data Breach Investigation Report 2022, conducted by the Ponemon Institute, provides an overview...

What is the SOC 2 report and why is it important for senhasegura?

SOC 2 provides a report after completing the audit. Recently, senhasegura conquered this milestone, providing details on the principles of confidentiality, processing integrity, availability, and information security. Want to know more about this subject? Read our...

What is a lateral movement attack and how does it occur?

A lateral movement attack occurs when the cybercriminal gains access to an initial target to move between devices within the network without their presence being noticed. In this article, we explain in detail what side threats are and how to avoid them. Want to know...

Why are government organizations favorite targets for cybercriminals?

The government segment was one of the most attacked by hackers in the last quarter of 2022. Learn more! In recent years, malicious actors have demonstrated a propensity to attack government organizations, including through ransomware, although governments are not...

Building a Ransomware Incident Response Plan

Ransomware is a type of cyberattack where malicious attackers lock down their victims' computers and demand a ransom to unlock. In this, we show you how to create a response plan for incidents involving ransomware. Want to know everything about it? Read our text until...