
How important is Gartner to the cybersecurity universe?

by | Jul 12, 2019 | BLOG

Every day, news emerges of data leaks in organizations of all sizes and industries. According to Accenture’s 2019 Cost of Cybercrime report, the number of leaks increased by 11% between 2017 and 2018, and by 67% over the last 5 years. Trends indicate that this number will keep growing, given the increase not only in the amount of data available but also in the devices connected to organizations’ infrastructure, including mobile, Industry 4.0, and Internet of Things devices.

Cybersecurity has become a challenge for organizations, affecting even the continuity of their businesses. In addition, CISOs increasingly view cybersecurity as a business risk to be addressed, and customers require organizations to be better prepared to protect their personal data, including their consumer and trust relationships. Finally, regulations such as GDPR (Europe), LGPD (Brazil) and CACC (the State of California, United States) also show that governments are taking cybersecurity and privacy seriously.

Given the increase in cybersecurity risks, it is a business imperative for information security executives to mitigate these risks, thus allowing business continuity and increasing the confidence of their customers, employees, partners, and suppliers. In this scenario, more than 15,000 organizations in more than 100 countries rely on Gartner as a consultant for strategic decision-making not only in cybersecurity but in countless other subjects such as Human Resources, Finances and Risk and Audit. But what is Gartner after all?

Gartner, Inc., or simply Gartner, was founded exactly 40 years ago by Gideon Gartner in the US city of Stamford, Connecticut. Its numbers impress: a team of more than 15,000 associates is responsible for bringing more than $4 billion in annual revenue, according to its website. The programs and services offered by Gartner include research, consulting, and events. Its tools include the Hype Cycle, as well as Market Guides and Magic Quadrants, allowing organizations to visualize the results of market analysis and a range of solutions for decision-making strategies, including those linked to cybersecurity. Gartner events are marked on the calendars of most executives across the globe and are held year-round across four continents. In Brazil, Gartner annually organizes the IT Symposium/Xpo conferences as well as Security and Risk Management conferences. In the latter, CISOs have the opportunity to exchange experiences and also discover the latest security trends for Cloud, Artificial Intelligence, Internet of Things, Blockchain, DevOps, as well as the main challenges in Information Security for executives and their organizations.

According to Gartner, by 2022, cybersecurity ratings will become as important as credit ratings when these risks are assessed to establish business relationships. The big challenge for organizations in this new digital era is to turn cybersecurity risk management into a competitive advantage for the business.

Gartner also sees IT strategies increasingly aligned with business goals. In this scenario, the skills of leaders in Information Security and Risk Management become essential in presenting these aspects in an assertive way to support the strategic decision-making process in companies. In short, the areas of Information Technology and Security need to be close to top management and should be considered not only as a means to introduce solutions to technical problems but also as a way to allow organizations to achieve their business goals.

Considering this paradigm shift, Gartner introduced a strategic approach to Cybersecurity Risk Management in 2017, called the Continuous Adaptive Risk and Trust Assessment (CARTA). This approach is based on new Zero Trust models, which, unlike the old “trust, but verify” models, eliminate the concept of a security perimeter that divides the environment into reliable and unreliable zones, and treat everything and everyone as a possible threat to the organization.

Thus, it is believed that CISOs must review their threat detection and response strategies. These strategies require new investments in their Security Operations Centers (SOCs) so that they are able not only to prevent but also to detect and respond to threats. This is not an easy challenge to overcome, considering that these threats can be not only outside the environment but also within it. Gartner estimates that by 2022, 50% of all SOCs will have the ability to detect and respond appropriately to security incidents, including using Artificial Intelligence and Machine Learning concepts.

Thus, it is possible to say that the scale and scope of cyber threats are far from decreasing. As new technologies are introduced, they bring with them new threats to companies. In addition, considering cybersecurity risks not only as technical aspects but as paramount to business continuity, it is essential that Information Technology and Security leaders align with top management and business goals. In this scenario, Gartner emerges as a key player in helping these leaders define new strategies based on best practices in cybersecurity, using solutions that adequately address threats and fit their businesses, and in promoting the exchange of experience between executives from different countries and industries. Thus, it can be assumed that it will be possible to appropriately identify and mitigate Information Security risks, enabling these organizations to maintain the satisfaction of their customers, employees, partners, and suppliers, and thereby ensure that they achieve their business goals.
