Gartner, a global research firm that is in charge of research and consultation in the field of IT, publishes important technologies for business in the field of IT every year. This year, it announced six cybersecurity trends in 2024. The materials presented by Gartner also serve as references for many companies and governments, and we will take a look at the 2024 cybersecurity trends presented by Gartner.


Generative AI is skeptical in the short term and hopeful in the long term

Security leaders need to prepare for the rapid evolution of Generative AI. This is because LLM (Large Language Model) applications such as ChatGPT and Gemini are just the beginning of a generative AI transformation. Security leaders also have high hopes for various benefits of generative AI, such as increased productivity, reduced technology gaps, and other new benefits related to cybersecurity. Accordingly, security leaders should actively collaborate with business stakeholders to lay the foundation for ethical and safe use of innovative technologies when utilizing generative AI.
"The long-term outlook for Generative AI is bright, but in the short term, you're more likely to experience immediate fatigue than double-digit productivity gains," said Gartner senior director analyst Richard Addiscott. "But this will improve gradually, so we need to encourage experimentation and manage expectations, especially outside of the security team."


Closing communication gap with board through performance-oriented indicators

As the negative impact and frequency of cybersecurity incidents on businesses continue to increase, the trust among the board and management in cybersecurity strategies is decreasing. Outcome-Driven Metrics (ODM) is increasingly being adopted to help stakeholders intuitively understand cybersecurity investments and their level of defense.
ODM plays a key role in developing a defensible cybersecurity investment strategy, because it reflects the level of protection agreed upon based on its strong properties and provides an easy language for non-IT executives to understand. It supports direct investment in adjusting the level of defense by providing a reliable and defensible representation of risk propensity.


Increasing importance of security behavior and cultural programs

Security managers within the enterprise recognize that facilitating employee behavioral changes rather than raising employee awareness helps reduce cybersecurity risks. By 2027, 50% of CISOs at large corporations are expected to adopt people-focused security design approaches to minimize friction from cybersecurity and maximize control application. Security behavior and culture programs are a recap of a company-wide approach to minimizing cybersecurity incidents associated with employee behavior.
"Companies using SBCP have improved security controls, reduced unsafe behavior, and increased speed and agility," Addiscott said. "Our employees have the ability to make independent decisions in the area of cybersecurity, allowing them to leverage their cybersecurity resources more effectively."


Resilience-focused third-party risk management

As third-party cybersecurity incidents become inevitable, security leaders are under pressure to focus more on resilience-driven investments and move away from preemptive due diligence. In this situation, third-party risk management must be strengthened and mutually beneficial relationships with critical external partners must continue to protect the most critical assets. "We need to start by strengthening contingency plans for contracts with third-party riskiest cybersecurity," Adiscott said. "We need to define clear offboarding strategies such as creating incident playbooks by third-party, conducting tabletop exercises, revoking access in a timely manner, and destroying data."


Gain momentum from ongoing threat exposure management programs

Continuous Threat Exposure Management (CTEM) is a practical and systematic approach that organizations can use to continuously assess the accessibility, exposure, and exploitation of digital and physical assets. By aligning the assessment and modification to threats or business projects rather than infrastructure components, vulnerabilities and non-patchable threats can be highlighted.
Gartner predicts that by 2026, companies that prioritize security investments based on the CTEM program will be able to reduce two-thirds of breaches. Security leaders should continually monitor their hybrid digital environments to identify vulnerabilities early and prioritize them best to help strengthen the surface on which they can be attacked.


Expanding IAM roles to improve cybersecurity performance

As more businesses move to an ID-first approach to security, the focus shifts from network security and other traditional controls to identity and access management (IAM), playing an important role in cybersecurity and business performance. IAM's role in security programs is expected to be more emphasized, but at the same time, we need to focus on fundamental security and system enhancements to improve resilience.
As a result, security leaders must focus on strengthening and leveraging identity fabric, and ID threat detection and response to ensure that IAM capabilities are best placed to support the entire security program.