Saturday , February 15 2025

Gartner unveils top cybersecurity predictions for 2023-2024

Half of CISOs will formally adopt human-centric design practices into their cybersecurity programmes, while adoption of zero trust architecture will rise

Fifty per cent of Chief Information Security Officers (CISOs) will adopt human-centric design to reduce cybersecurity operational friction; large organisations will focus on implementing zero-trust programmes; and half of cybersecurity leaders will have unsuccessfully tried to use cyber risk quantification to drive decision-making, according to the top cybersecurity predictions revealed by Gartner, Inc.

“There’s no question that CISOs and their teams must be laser-focused on what’s happening today to ensure their organisations are as secure as possible,” said Richard Addiscott, Senior Director Analyst. “But they also need to make time to look up from their daily challenges and scan the horizon to see what’s coming down the track that might impact their security programmes in the next couple of years.

Xploit_Cr3w and Blind_Virus, champion for BCS CTF contest

Xploit_Cr3w and Blind_Virus are the two champion teams categorically for BCS ICT Fest 2025 arranged jointly by BCS and BUET....
Read More
Xploit_Cr3w and Blind_Virus, champion for BCS CTF contest

Salt Typhoon Exploits Vulnerable Cisco Devices of Telcoms Globally

Between December 2024 and January 2025, Recorded Future's Insikt Group discovered a campaign targeting unpatched Cisco devices used by major...
Read More
Salt Typhoon Exploits Vulnerable Cisco Devices of Telcoms Globally

CISA Releases Advisories For 20 Industrial Control Systems (ICS)

On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about serious vulnerabilities in Industrial Control...
Read More
CISA Releases Advisories For 20 Industrial Control Systems (ICS)

“Astaroth” Phishing Kit Bypasses 2FA Of Gmail, Yahoo, AOL, M365

The new Astaroth Phishing Kit can bypass two-factor authentication to steal login credentials for Gmail, Yahoo, and Microsoft. It uses...
Read More
“Astaroth” Phishing Kit Bypasses 2FA Of Gmail, Yahoo, AOL, M365

CVE-2023-38831
Malware campaign target Bangladeshi Government Entities: Report

A sophisticated malware campaign is targeting military and government entities in Bangladesh. It uses social engineering to deliver malicious files...
Read More
CVE-2023-38831  Malware campaign target Bangladeshi Government Entities: Report

(CVE-2025-1146
CrowdStrike Fixed High-Severity TLS Vuln in Falcon Sensor

CrowdStrike has issued a security advisory for a serious TLS vulnerability, CVE-2025-1146, in its Falcon Sensor for Linux, Falcon Kubernetes...
Read More
(CVE-2025-1146  CrowdStrike Fixed High-Severity TLS Vuln in Falcon Sensor

CVE-2025-0108 & CVE-2025-0110
Palo Alto Networks Addressed High-Severity PAN-OS Vulns

Palo Alto Networks has issued advisories for two critical vulnerabilities in its PAN-OS. The vulnerabilities, CVE-2025-0108 and CVE-2025-0110, may enable...
Read More
CVE-2025-0108 & CVE-2025-0110  Palo Alto Networks Addressed High-Severity PAN-OS Vulns

Update Now
Ivanti Patches 3 Critical Flaws in Connect Secure and Policy Secure

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC)...
Read More
Update Now  Ivanti Patches 3 Critical Flaws in Connect Secure and Policy Secure

This Adtech Company is Powering Surveillance of U.S. Military Personnel

Last year, a joint investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that...
Read More
This Adtech Company is Powering Surveillance of U.S. Military Personnel

Intel Patched 374 Vulnerabilities in multiple products

In 2024, Intel addressed a remarkable 374 vulnerabilities across its software, firmware, and hardware products, distributing bug bounty rewards for...
Read More
Intel Patched 374 Vulnerabilities in multiple products

“These predictions are a signal flare for some of those things we see emerging and should be considered by any CISO looking to build an effective and sustainable cybersecurity programme.”

Gartner’s top eight cybersecurity predictions

Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.

Through 2027, 50% of CISOs will formally adopt human-centric design practices into their cybersecurity programmes to minimise operational friction and maximise control adoption.

Gartner research shows that over 90% of employees who admitted undertaking a range of unsecure actions during work activities knew that their actions would increase risk to the organisation but did so anyway. Human-centric security design is modelled with the individual — not technology, threat or location – as the focus of control design and implementation to minimise friction.

By 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organisations will have successfully weaponised privacy as a competitive advantage. Organisations are beginning to recognise that a privacy programme can enable them to use data more broadly, differentiate from competitors, and build trust with customers, partners, investors and regulators. Gartner recommends security leaders enforce a comprehensive privacy standard in line with GDPR to differentiate in an increasingly competitive market and grow unhindered.

By 2026, 10% of large organisations will have a comprehensive, mature and measurable zero-trust program in place, up from less than 1% today.

A mature, widely deployed zero-trust implementation demands integration and configuration of multiple different components, which can become quite technical and complex. Success is highly dependent on the translation to business value. Starting small, an ever evolving zero-trust mindset makes it easier to better grasp the benefits of a programme and manage some of the complexity one step at a time.

By 2027, 75% of employees will acquire, modify or create technology outside IT’s visibility – up from 41% in 2022.

The CISO role and purview of responsibility is shifting from being control owners to risk decision facilitators. Reframing the cybersecurity operating model is key to the changes coming. Gartner recommends thinking beyond technology and automation to deeply engage with employees to influence decision making and ensure they have appropriate knowledge to do in an informed way.

By 2025, 50% of cybersecurity leaders will have tried, unsuccessfully, to use cyber risk quantification to drive enterprise decision making.

Gartner research indicates that 62% of cyber risk quantification adopters cite soft gains in credibility and cyber risk awareness, but only 36% have achieved action-based results, including reducing risk, saving money or actual decision influence. Security leaders should focus firepower on quantification that decision makers ask for, instead of producing self-directed analyses they have to persuade the business to care about.

By 2025, nearly half of cybersecurity leaders will change jobs, 25% for different roles entirely due to multiple work-related stressors.

Accelerated by the pandemic and staffing shortages across the industry, the work stressors of cybersecurity professionals are rising and becoming unsustainable. Gartner suggests that while eliminating stress is unrealistic, people can manage challenging and stressful jobs in cultures where they are supported. Changing the rules of engagement to foster cultural shifts will help.

By 2026, 70% of boards will include one member with cybersecurity expertise.

For cybersecurity leaders to be recognised as business partners, they need to acknowledge board and enterprise risk appetite. This means not only showing how the cybersecurity programme prevents unfavourable things from happening, but how it improves the enterprise’s ability to take risks effectively. Gartner recommends CISOs get ahead of the change to promote and support cybersecurity to the board and establish a closer relationship to improve trust and support.

Through 2026, more than 60% of threat detection, investigation and response (TDIR) capabilities will leverage exposure management data to validate and prioritise detected threats, up from less than 5% today.

As organisational attack surfaces expand due to increased connectivity, use of SaaS and cloud applications, companies require a broader range of visibility and a central place to constantly monitor for threats and exposure. TDIR capabilities provide a unified platform or ecosystem of platforms where detection, investigation and response can be managed, giving security operations teams a complete picture of risk and potential impact.

Learn more about the top priorities for security and risk leaders in 2023 in the complimentary Gartner ebook: 2023 Leadership Vision for Security & Risk Management Leaders.

Gartner Security & Risk Management Summit

Gartner analysts will present their latest research and advice for security and risk management leaders at the Gartner Security & Risk Management Summits, taking place in Sydney, March 28-29.  June 5-7 in National Harbor, MD, July 26-28 in Tokyo and September 26-28 in London. Follow news and updates from the conferences on Twitter using #GartnerSEC

Check Also

Zuckerberg

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company’s …

Leave a Reply

Your email address will not be published. Required fields are marked *