Press Release

Gartner Identifies Three Areas for CISOs to Augment Their Cybersecurity Approach

Gartner

Organizations Must Augment Their Approach to Elevate Response and Recovery to Equal Status with Prevention


Chief information security officers (CISOs) who elevate response and recovery to equal status with prevention generate more value than those who cling to an outdated zero-tolerance-for-failure mindset, according to Gartner, Inc.

“Each new cybersecurity disruption exposes the fact that CISOs manage more through adrenaline than intention, which is unsustainable,” said Dennis Xu, VP Analyst at Gartner. “CISOs need to be resilient through intention, rather than adrenaline, if they want to thrive.”

“The industry has made incredible strides on the prevention side of things, but response and recovery remain under-developed muscles because of the industry’s zero tolerance for failure mindset,” said Christopher Mixter, VP Analyst at Gartner. “In an era where successful cyberattacks are increasing in volume and impact despite preventative cyber investments, organizations must augment their approach to elevate response and recovery to equal status with prevention.”

To begin the journey toward what Gartner calls augmented cybersecurity, a cybersecurity function that has elevated response and recovery to equal status with prevention, CISOs should prioritize three areas of activity: building cyber fault tolerance in the business, streamlining to a minimum effective cyber toolset, and building a resilient cyber workforce.

Build Cyber Fault Tolerance in the Business

Gartner recommends that CISOs build cyber fault tolerance into their business by focusing first on two areas of business activity where preventative cybersecurity measures are very visibly underperforming: generative AI (GenAI) and the use of third parties.

For a rapidly evolving technology like GenAI, it is impossible to prevent all attacks at all times. The ability to adapt to, respond to, and recover from inevitable issues is critical for organizations to explore GenAI successfully. Effective CISOs are therefore complementing their prevention-oriented guidance for GenAI with response and recovery playbooks.

Regarding third-party cybersecurity risk management, no matter the cybersecurity function’s best efforts, organizations will continue to work with risky third parties. Cybersecurity’s real impact lies not in asking more due diligence questions, but in ensuring the business has documented and tested third-party-specific business continuity plans in place.

“CISOs should be guiding the sponsors of third-party partners to create a formal third-party contingency plan, including things like an exit strategy, alternative suppliers list, and incident response playbooks,” said Mixter. “CISOs tabletop everything else. It’s time to bring tabletop exercises to third-party cyber risk management.”

Minimum Effective Toolset

One of the places where the zero-tolerance-for-failure mindset is most deeply embedded is cybersecurity's approach to technology.

“CISOs keep old gear past its sell-by date while also rushing to add new tools without fully understanding the added cost and management complexity they bring,” said Xu. “CISOs must break the cycle of gear acquisition syndrome that inhibits their ability to thrive by embracing an ethos of adopting the fewest number of tools required to observe, defend and respond to exploitations of the organization’s exposures.”

To achieve this, CISOs should:

  • Identify redundancies and gaps by mapping their toolset to their controls framework.
  • Build technology proofs of concept around deployment risks, not just feature functionality.
  • Aggressively pursue GenAI augmentations to existing tools.

Build A Resilient Cyber Workforce

“CISOs and their teams often have a heroism mindset,” said Mixter. “They feel they must avoid bad outcomes at all costs, even at the expense of their health. They need innovation, experimentation, and engagement from their people more than ever, but the way they ask their people to operate often has the opposite effect.”

To create a resilient cyber workforce, CISOs must treat resilience as a true competency, and build it in their people in the same way they build technical and other competencies:

  • Make it easy for employees to get the support they need: This includes building self-care into employee workflows, like counseling and decompression exercises during active incidents.
  • Share failure/learning stories: CISOs should set an example and be the first to share examples of times they fell short of their objectives and what they learned from those experiences.
  • Reengineer work to reduce burnout: Engage employees to understand where they experience friction in their work, reduce bottlenecks, and leverage automation to free people up to focus their energy on activities that truly demand it.

Learn more in the complimentary Gartner research “Augmented Cybersecurity: Winning Actions To Thrive Amidst Chaos and Complexity.”

Additional leadership trends will be presented during Gartner IT Symposium/Xpo, the world's most important conferences for CIOs and other IT executives. Gartner analysts and attendees will explore the technology, insights and trends shaping the future of IT and business, including how to unleash the possibility of generative AI, business transformation, cybersecurity, customer experience, data analytics, executive leadership and more. Follow news and updates from the conferences on X using #GartnerSYM.

Upcoming dates and locations for Gartner IT Symposium/Xpo include:
9–11 September 2024 | Gold Coast, Australia
21–24 October 2024 | Orlando, FL
28–30 October 2024 | Tokyo, Japan
4–7 November 2024 | Barcelona, Spain
11–13 November 2024 | Kochi, India


About Gartner for Cybersecurity Leaders

Gartner for Cybersecurity Leaders equips security leaders with the tools to help reframe roles, align security strategy to business objectives and build programs to balance protection with the needs of the organization. Additional information is available at https://www.gartner.com/en/cybersecurity/products/gartner-for-cisos.

Follow news and updates from Gartner for Cybersecurity Leaders on X and LinkedIn using #GartnerSEC. Visit the Gartner Newsroom for more information and insights.

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.