National Harbor, Md., June 7, 2023

Gartner Security & Risk Management Summit 2023 National Harbor: Day 3 Highlights

We are bringing you news and highlights from the Gartner Security & Risk Management Summit, taking place this week in National Harbor, Maryland. Below is a collection of the key announcements and insights coming out of the conference. You can read the highlights from Day 1 here and Day 2 here.

On Day 3 of the conference, we are highlighting how different generations think about cybersecurity, how to manage AI trust and security, and how to assess third-party cybersecurity risks. Be sure to check this page throughout the day for updates.

Key Announcements

4 Ways Baby Boomers, Gen X, Y & Z Think Differently About Cybersecurity

Presented by Victoria Cason, Principal, Advisory, Gartner

Generational differences can impede efforts to create harmony and work together as cybersecurity professionals. In this session, Victoria Cason, Principal, Advisory at Gartner, discussed proactive ways to manage generational issues in the workforce.

Key Takeaways

  • “Managing a multigenerational workforce brings a new set of challenges. Organizations must walk a fine line between creating opportunities for young employees to advance, while also ensuring workforce veterans feel included.” 

  • “Each generation has a different priority.” 

  • 89% of Gen Z and Millennial talent believe there is a gatekeeping culture in the security landscape.

  • 60% of Gen X talent acknowledge there is a cultural divide between junior and senior talent. 

  • 4 actions to meld the workforce together and maximize performance:

    1. Examine Your Multigenerational Workforce Culture With Care

    2. Equitable and Personalized Development 

    3. Reverse-Mentoring Programs

    4. Inclusive Hiring 

  • “Build and implement development plans to grow and retain all generations.”

  • “Be highly intentional in the type of change you seek to make - aim for one at a time.”

Don't Let Your AI Control You: Manage AI Trust, Risk and Security

Presented by Mark Horvath, VP Analyst, Gartner

AI creates new risks and security threats within organizations, but AI teams often perceive risk differently than security teams. In this session, Mark Horvath, VP Analyst at Gartner, explained Gartner's AI trust, risk and security management (TRiSM) model and framework for managing AI trust, risk and security collaboratively and consistently.

Key Takeaways

  • “There are already plenty of AI models that have been operationalized and can be compromised and attacked. A 2021 Gartner survey found that 73% of organizations already had hundreds or thousands of AI models deployed.”

  • “Compromises and attacks span all stages of the AI life cycle, including data poisoning; privacy concerns; model outcome manipulation; and model or data misuse, compromise or theft.” 

  • “There are two common misperceptions about AI security threats: Most AI attacks only happen by outsiders, so we don't have to look inside; and most AI attacks are complicated, so let's not sweat the small stuff.”

  • “CISOs and AI teams perceive risk coming from AI differently. AI teams think AI risk is more likely to materialize and are more concerned about AI risk overall. It's not every day that someone is more concerned about information risk than the security team.”

  • “AI TRiSM helps ensure governance, trustworthiness, fairness, reliability, privacy, security and compliance of AI solutions, turning unmanaged risks into managed risks.”

  • “By 2026, organizations that operationalize AI transparency, trust and security will see their AI models achieve a 50% result improvement in terms of adoption, business goals and user acceptance.”

    Learn more about AI TRiSM in the Gartner Q&A “Why Trust and Security are Essential for the Future of Generative AI.”

How to Both Assess and Monitor Third-Party Cybersecurity Threats While You Are Sleeping

Presented by Christopher Ambrose, VP Analyst, Gartner

CISOs lose enough sleep worrying over their internal cybersecurity defenses, let alone the third parties beyond their control. In this session, Christopher Ambrose, VP Analyst at Gartner, reviewed the tools and best practices that organizations are using to assess and monitor their third parties and reduce risk exposure.

Key Takeaways

  • “It is very difficult from an outside view to determine which third party has strong cyber controls and which ones are already, or likely to be, compromised.”

  • “A standard risk assessment process includes a questionnaire that organizations send to all third parties. For cybersecurity, this is a broken, flawed approach that usually leads to risk awareness or acceptance.”

  • “Rather than just categorizing vendors as high or low risk, focus on the nature of the relationship. Do they control sensitive data or have access to critical systems?”

  • “Determine your third-party cyber non-negotiables. Get executive endorsement and institutionalize them into RFP templates, supplier codes of conduct and external-facing sites for third parties.”

  • “You can’t just throw tools at this. You need to establish the right architecture by analyzing existing people, processes and technology to identify opportunities to improve your third party cyber risk program.”

  • “Managing third parties is difficult on a spreadsheet, so most organizations have a third party risk management tool to help automate the process.”

  • “If third-party controls are insufficient, implement your own mitigations such as data backup solutions, encryption and multifactor authentication.”

About Gartner

Gartner, Inc. (NYSE: IT) delivers actionable, objective insight that drives smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.
