The Gartner 2020 Security & Risk Management Summit Americas drew 4,000 information security and network security attendees and focused on “Balancing Risk, Trust and Opportunity in an Uncertain World.” This theme aptly reflects our times as we live through a pandemic that has dramatically accelerated digital transformation while increasing cyberthreats and security risk across this extended digital footprint.
This year’s conference was like no other. The entire event was virtual, which made it easy to watch sessions while still doing one’s day job, but we still missed the anticipation of the darkened room before the keynote, having cocktails with the analysts we’ve known for so many years and swapping cybersecurity tips with infosec pros.
Gartner made a big shift in its content this year to focus sessions on the actions you can take now to address security and risk concerns versus the focus of previous conferences on past surveys and future predictions. If you missed the summit, here are a few of the top takeaways and recommended actions for security professionals and chief information security officers (CISOs).
Takeaway: Increasing Digital Capabilities Can Help Ensure Resilience
Resilience, as defined by NIST, is “the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions.” According to Khushbu Pratap, Principal Research Analyst, risk mitigation priorities have changed since the pandemic began, and to ensure resiliency and business continuity, “77% of CEOs plan to increase investment in digital capabilities.” Pratap noted that now is the time to act to drive resiliency by reconsidering your 2020 goals and budget, prioritizing the urgency of digital transformation and avoiding distraction. She suggests focusing on three things to accomplish your security risk management goals: first, determine decision accountability; second, rationalize your efforts and focus areas; and third, increase communication across the business.
At PerimeterX, we agree with this risk assessment that digital transformation is accelerating and changing the risk landscape. This year, we have seen a dramatic shift in web application traffic and attack patterns across various industry segments. We recommend that businesses take action to address security threats and the rise in cyberattacks such as account takeover and scraping that we are seeing during the COVID-19 pandemic across the food and grocery, e-learning and hospitality, fashion and home goods, and freelance and media segments.
Takeaway: Ransomware, Phishing and Supply Chain Weaknesses are Top Potential Threats
Jonathan Care, Senior Director Analyst, noted that hype often overshadows actual threats, which can include “human error, decade-old worms that still propagate across open file shares, and unpatched servers on legacy applications.” He cited ransomware, phishing and supply chain weaknesses as the top threats in the short-term 2020 threat landscape, along with an increasing diversity of threats. He recommended taking a “risk-based approach to threats,” since security controls for information systems are not foolproof. Agility and adaptability in enterprise risk management are required for information technology security teams to respond to the 2020 threat landscape.
At PerimeterX, we agree with this threat forecast. In particular, we are seeing digital supply chain weaknesses rise to the top of the list of business concerns and identified risks. As the use of third-party code on websites—known as Shadow Code—increases, visibility into the behavior of these scripts on the client side remains extremely low. We’ve seen that only 8% of security pros have complete insight into the third-party code running on their website, and over 30% do not trust the providers of their third-party scripts. We recommend that businesses take action with their risk management programs to address data security and the risk of client-side data breaches caused by digital skimming and Magecart attacks.
Takeaway: Smart Digital Businesses are Learning about the Correlation Between a Positive Customer Experience and Growth
In his session entitled “Fraud Prevention is Killing Customer Experience,” Gartner Senior Director Analyst Akif Khan made some very compelling arguments about the correlation between fraud management and revenue growth. He noted that an easy, intuitive and “frictionless” customer experience is a true differentiator when shopping online. It is far too easy for customers to take their business elsewhere if an e-commerce retailer forces them to jump through too many security hoops in an attempt to manage and minimize fraud and cybercrime. And with the ongoing pandemic forcing more common daily interactions online, shopping choices abound and patience with onerous identity verification and security checks has worn thin. This is particularly true for brands with which one does business regularly and for low-risk transactions. Khan noted that online businesses should take a CARTA approach (Gartner speak for Continuous Adaptive Risk and Trust Assessment), and that a balance of convenience for the shopper and security for their PII and the business is possible. He championed what can be called a “sliding scale” of security validation, challenging e-commerce businesses to correlate shopper friction with the attempted action: more friction to add and change payees on a bank account, for example, and less if making a low-value transaction from a known device and location.
At PerimeterX, we agree wholeheartedly with the need to provide a great online customer experience. Our market-leading bot mitigation solution, PerimeterX Bot Defender, collects and inspects hundreds of indicators for precise determination of human versus bot activity. We also offer a user-friendly verification that is easy for humans to solve but difficult for bots. And our customers can define granular policies for the kinds of actions they allow, and those that are flagged for secondary screening or denied altogether. Since 1.6% of annual global e-commerce revenue is lost due to payment fraud, the problem is huge and not going away. We’re glad to help 3 of the top 5 fastest growing e-commerce retailers in the US achieve that delicate balance between fraud management and growth.
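A minimal illustration of the “sliding scale” policy described in the two paragraphs above, written here as an added example and not code from Gartner or PerimeterX: each attempt is scored from the action type, its value, device and location familiarity and a bot-likelihood signal, and the score maps to allow, step-up verification (secondary screening) or deny. The signal names, weights and thresholds are assumptions constructed for the example.

```python
# Added example: a CARTA-style sliding scale of security validation.
# Signals, weights and thresholds below are constructed for illustration.
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # no extra friction for the shopper
    STEP_UP = "step_up"    # secondary screening, e.g. a human-friendly challenge
    DENY = "deny"


@dataclass
class Attempt:
    action: str            # e.g. "checkout", "login", "change_payee", "add_payee"
    amount: float          # monetary value of the action, 0 if not applicable
    known_device: bool     # device has been seen before for this account
    known_location: bool   # location is consistent with the account's history
    bot_score: float       # 0.0 (clearly human) .. 1.0 (clearly automated)


# Base risk per action type: high-impact actions such as changing a payee
# start with more friction than a routine checkout or login.
ACTION_RISK = {"checkout": 20, "login": 10, "change_payee": 60, "add_payee": 60}


def risk_score(a: Attempt) -> int:
    """Combine action impact, familiarity and automation signals into 0..100."""
    score = ACTION_RISK.get(a.action, 40)   # unknown actions treated conservatively
    if not a.known_device:
        score += 25
    if not a.known_location:
        score += 15
    if a.amount > 500:
        score += 20
    elif a.amount > 100:
        score += 10
    score += int(a.bot_score * 50)          # automation evidence weighs heavily
    return min(score, 100)


def decide(a: Attempt, step_up_at: int = 50, deny_at: int = 85) -> Decision:
    """Map the score to a decision; thresholds are policy knobs, not fixed rules."""
    s = risk_score(a)
    if s >= deny_at:
        return Decision.DENY
    if s >= step_up_at:
        return Decision.STEP_UP
    return Decision.ALLOW
```

A low-value checkout from a known device and location passes with no friction, a payee change from the same trusted context triggers step-up verification, and a payee change from an unfamiliar device and location is denied.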
For ongoing analysis on the application threat landscape and its impact on your information security program, risk management processes, business objectives and business processes, you can subscribe to the PerimeterX blog.
Gartner, Gartner Security & Risk Management Summit 2020 Presentation, Outlook for Risk: Technology, Information and Resilience, Khushbu Pratap, September 14-17, 2020.
Gartner, Gartner Security & Risk Management Summit 2020 Presentation, How to Respond to the 2020 Threat Landscape, Jonathan Care, September 14-17, 2020.
Gartner, Gartner Security & Risk Management Summit 2020 Presentation, Fraud Prevention is Killing Customer Experience, Akif Khan, September 14-17, 2020.