 

Gartner says security and risk management leaders are facing an ever-changing threat landscape. These executives deal with increasingly sophisticated hackers and increasingly frequent attacks. During the Gartner Security & Risk Management Conference, which takes place on August 8 and 9, in São Paulo (SP), analysts will show that it is necessary to identify which threats pose the greatest risks and understand how to face these problems.
 
“Until 2020, 99% of the exploited vulnerabilities will continue to be those that have been known to the Security and IT teams for at least a year,” says Greg Young, Vice President of Research at Gartner.
 
According to Gartner, ransomware is, and should remain, the first threat that comes to the minds of IT and Security & Risk Management leaders. In the past, hackers specifically targeted an individual or machine, which represented a challenge but was more easily manageable. Today, however, hackers target entire organizations, encrypting multiple devices before asking for payment or "ransom". There has been a significant increase in new families of ransomware, with spam being the main vector of infection.
 
Companies need to protect themselves against these types of potential vulnerabilities. The organization's own failures allow for a high number of attacks. During the Conference, Gartner analysts will explain that there is growing investment in vulnerability research, which leads to major discoveries, increased transparency in the disclosure of new flaws and the more frequent release of patch and block solutions. Security and risk management leaders have more tools available than ever to protect their organizations from known vulnerabilities.
 
"The evolution of attack tactics and increased evasion, combined with the lack of professionals in the field, are creating challenges for industry leaders. The high number of devices connected via the Internet of Things (IoT) has created scalable problems. Existing security tools are no longer able to contain the flow of devices that need to be monitored and kept safe (desktops, laptops and mobile devices), making monitoring of potential vulnerabilities even more difficult," explains Young.
 
The lack of security skills in the industry is just another factor in this challenge. Organizations are making greater investments in security tools to combat growing threats and make devices more secure, but they are struggling to hire skilled professionals to work with these solutions.
 
For Gartner, security and risk management leaders must first understand and remedy known vulnerabilities. They must use existing resources and ensure balanced investments between prevention and detection solutions. "You also need to consider redesigning your assets and moving them to safer locations or segmenting them to add barriers between parts of the organization. Including these obstacles will make it harder for hackers to enter the company," says Young.
 
"These leaders need to know broader trends and understand how they affect the security of the organization, which they tend to fail to do when they only look at attacks and attackers. We found that most companies believe it is very important to know the origin of the attack, but that's an unnecessary effort. It doesn't matter who threw the rock, but you'll need bandages. Focusing on finding the culprits only leaves other areas of the company vulnerable when an attack happens," he concludes.
 

 
