Tuesday, 21 June 2022 10:44

Warning on cybersecurity risk in third-party transactions Featured

0
Shares
By Staff Writer

By 2025, 60% of organisations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements, according to research firm Gartner’s report on the top eight cybersecurity predictions for 2022-23.

Cyberattacks related to third parties are increasing, however, only 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure, according to Gartner data - and as a result of consumer concerns and interest from regulators, it believes organisations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.

Executive performance evaluations will be increasingly linked to ability to manage cyber risk, notes Gartner, adding that almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organisations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner..

In an opening keynote at the Gartner Security & Risk Management Summit currently taking place in Sydney, Richard Addiscott, Senior Director Analyst and Rob McMillan, Managing Vice President at Gartner discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.

“We can’t fall into old habits and try to treat everything the same as we did in the past,” said Addiscott. “Most security and risk leaders now recognise that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”

Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years:

Through 2023, government regulations requiring organisations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.
As of 2021, almost 3 billion individuals had access to consumer privacy rights across 50 countries, and

privacy regulation continues to expand. Gartner recommends that organisations track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
With a hybrid workforce  and data everywhere accessible by everything, vendors are offering an integrated security service edge (SSE) solution to deliver consistent and simple web, private access and SaaS application security. Single-vendor solutions provide significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected and re-encrypted.

60% of organisations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realise the benefits
The term  zero trust is now prevalent in security vendor marketing and in security guidance from governments. As a mindset — replacing implicit trust with identity- and context-based risk appropriate trust — it is extremely powerful. However, as zero trust is both a security principle and an organisational vision, it requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.

Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.
Modern  ransomware gangs now steal data as well as encrypt it. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional team as well as law enforcement and any regulatory body before negotiating.

By 2025, threat actors will have weaponised operational technology environments successfully to cause human casualties.
Attacks on OT– hardware and software that monitors or controls equipment, assets and processes – have become more common and more disruptive. In operational environments, security and risk management leaders should be more concerned about real world hazards to humans and the environment, rather than information theft, according to Gartner.

By 2025, 70% of CEOs will mandate a culture of organisational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.
The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support the organisation’s response to a large-scale disruption. With continued disruption likely, Gartner recommends that risk leaders recognize organisational resilience as a strategic imperative and build an organisation-wide resilience strategy that also engages staff, stakeholders, customers and suppliers.

By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts
Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent  Gartner survey As a result, Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.

Learn about the top priorities for security & privacy leaders in 2022 in the complimentary Gartner ebook 2022 Leadership Vision for Security & Risk Management Leaders

Read 203 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under

Related items

Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top