How Gartner's 2024 cybersecurity trends can guide your cybersecurity efforts
April 01, 2024
By Jamie Fiedrich, Ben Masino, and Eldon Sheckles
When it comes to cybersecurity, there’s no single playbook to follow. But looking to experts and analysts who spend their days laser focused on the latest threats and trends can offer valuable direction.
Gartner has identified its six top cybersecurity trends for the year, and they’re ones that healthcare leaders should consider. Of the six, here are the ones those of us at Avertium find most instructive and beneficial:
Trend: “Continuous threat exposure management programs gain momentum”
Gartner’s prediction on this front is a stunning one: By 2026, it expects organizations that prioritize their security investments based on a Continuous Threat Exposure Management (CTEM) program “will realize a two-thirds reduction in breaches.”
CTEM is an approach to managing vulnerabilities and exposures that enables security professionals to defend their organizations at the necessary pace of change. In particular, it represents a huge opportunity in the healthcare space, where breaches have a significant monetary impact and can also be life-threatening, and where CTEM programs are not yet widely utilized.
As Gartner explains, “The objective of CTEM is to get a consistent, actionable security posture remediation and improvement plan that business executives can understand and architecture teams can act upon."
Think of CTEM as the flip side of a traditional threat detection and notification program and less reactive than SIEM and endpoint security solutions. Behaving in a purely reactive manner tends to be an expensive security posture: a threat actor has made it to the end of the kill chain, and fixing the problem requires throwing humans, not technology, at it.
Healthcare’s constant addition of new payer, provider, and bio-tech devices, technologies, and regulations creates plenty of potential footholds around the perimeter through which a threat actor can take advantage. With CTEM, the intention is to limit or prevent that exposure in the first place by discovering and identifying those assets that might be exposed and then pointing your time and efforts at mitigating them.
Gartner provides a framework for doing so, but key fundamentals include continuous external scanning: penetration tests, vulnerability scans, and third-party supply chain scans on repeat. Once organizations understand their exposures, they can then prioritize and remediate those exposures, thus limiting their attack surface. The key is consistent and continuous testing and scanning, as point-in-time assessments are only as valuable as the nature of the environment at that time. Once new code or systems are brought into production environments, the attack surface shifts and must be assessed and remediated again.
Trend: “Cybersecurity outcome-driven metrics: Bridging boardroom communication gap”
As Gartner puts it, “Outcome-driven metrics (ODMs) are increasingly being adopted to enable stakeholders to draw a line between cybersecurity investment and the delivered protection levels it generates”—particularly when it comes to communicating to executive leaders and the board.
ODMs measure the impact of your security investment and allow you to communicate effectively with executives who don’t have a technical background. For instance, tracking metrics such as mean time to detect or mean time to respond allows you to measure the effectiveness of your incident response plan. When the ODM improves, it signals that the security investment is returning stronger protection. If it declines, that indicates a drop in protection.
If you’re currently focusing on cyber maturity, focusing on ODMs represents a mindset shift—and one Avertium recommends. While cyber maturity looks at those things you have in place, ODMs look at the performance of them. The benefit is ODMs can and should clearly tie back to business objectives. The metrics can demonstrate how cybersecurity measures contribute to those objectives, from maintaining customer trust to protecting intellectual property.
Showing your stats to the board and other executives can feel daunting, particularly if those stats show you’re immature in certain areas. The instinct may be to hide those results from company leaders for the fear the data will be interpreted as weakness. In reality, the customers Avertium has seen be the most successful at building strong long-term security programs are the ones who use those potentially negative results as an opportunity to advocate for the funding and staffing needed to improve ODMs.
Trend: “Resilience-driven, resource-efficient third-party cybersecurity risk management”
Many healthcare organizations have a multitude of third parties, and the risk that represents is well known. Gartner suggests moving away from “front loaded due diligence activities” and instead prioritizing partners based on cybersecurity risk. It advises that you “establish mutually beneficial relationships with important external partners, to ensure their most valuable assets are continuously safeguarded.”
It’s a shift from the norm of just assessing vendors and a move toward developing a resilience-driven strategy around third parties across the board. Doing so requires that you work closely with your vendors to ensure they have incident response plans and resource optimization in the event of an incident. Third parties should leverage automation tools to streamline backup, replication, and failover processes.
One of the best ways to strengthen your posture here is to focus on education. Collaboration and information sharing with industry peers, regulatory bodies, and cybersecurity firms who work with different hospitals and healthcare organizations is a valuable way to gain insights and benefit from the lessons learned by others. Do not try to combat threats on an island.
Trend: “Generative AI - Short-term skepticism, longer-term hope”
Preparedness is a must when it comes to Generative AI, in Gartner’s view, but it pairs its recommendation that “security leaders … prepare for the swift evolution of GenAI” with a note of caution around expectations. “There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth.”
Avertium’s view is tinged with more optimism around the opportunity. Start with readiness. It’s crucial to thoroughly understand which data points and data sources will actually make AI tools valuable for your organization, verify that they’re configured correctly, and know which use cases for which you are trying to solve. Any productivity gains will depend on your specific use case: Do you plan to use AI to help write reports on security issues, or look for insights in your security data?
Looking back to the advent of cloud computing can be instructive: As it gained traction, there was a prevailing assumption that you “put your stuff in the cloud” and things will be cheaper, faster, and more secure. That wasn't the case. You had to make things work in the cloud, like the cloud, and then they became cheaper, faster, and more secure. It first required understanding the cloud’s capabilities and the use cases that could benefit from it. AI is very similar and holds even greater potential outcomes as it matures.
The best way to gain that understanding is through education from a mix of sources, from the developers of the AI technology to third-party partners who make it their business to know and help customers be successful with Generative AI tools.
About the authors: As Avertium's chief revenue officer, Ben Masino brings more than 15 years of progressive experience in business, marketing, and sales leadership, along with deep experience in cyber security, SaaS, and technology-enabled services growth and customer engagement. Eldon Sheckles, director of professional services for Avertium, has dedicated his career to helping businesses, government agencies, and individuals safeguard their digital assets and information. Jamie Fiedrich is Avertium’s SVP of managed services.
When it comes to cybersecurity, there’s no single playbook to follow. But looking to experts and analysts who spend their days laser focused on the latest threats and trends can offer valuable direction.
Gartner has identified its six top cybersecurity trends for the year, and they’re ones that healthcare leaders should consider. Of the six, here are the ones those of us at Avertium find most instructive and beneficial:
Trend: “Continuous threat exposure management programs gain momentum”
Gartner’s prediction on this front is a stunning one: By 2026, it expects organizations that prioritize their security investments based on a Continuous Threat Exposure Management (CTEM) program “will realize a two-thirds reduction in breaches.”
CTEM is an approach to managing vulnerabilities and exposures that enables security professionals to defend their organizations at the necessary pace of change. In particular, it represents a huge opportunity in the healthcare space, where breaches have a significant monetary impact and can also be life-threatening, and where CTEM programs are not yet widely utilized.
As Gartner explains, “The objective of CTEM is to get a consistent, actionable security posture remediation and improvement plan that business executives can understand and architecture teams can act upon."
Think of CTEM as the flip side of a traditional threat detection and notification program and less reactive than SIEM and endpoint security solutions. Behaving in a purely reactive manner tends to be an expensive security posture: a threat actor has made it to the end of the kill chain, and fixing the problem requires throwing humans, not technology, at it.
Healthcare’s constant addition of new payer, provider, and bio-tech devices, technologies, and regulations creates plenty of potential footholds around the perimeter through which a threat actor can take advantage. With CTEM, the intention is to limit or prevent that exposure in the first place by discovering and identifying those assets that might be exposed and then pointing your time and efforts at mitigating them.
Gartner provides a framework for doing so, but key fundamentals include continuous external scanning: penetration tests, vulnerability scans, and third-party supply chain scans on repeat. Once organizations understand their exposures, they can then prioritize and remediate those exposures, thus limiting their attack surface. The key is consistent and continuous testing and scanning, as point-in-time assessments are only as valuable as the nature of the environment at that time. Once new code or systems are brought into production environments, the attack surface shifts and must be assessed and remediated again.
Trend: “Cybersecurity outcome-driven metrics: Bridging boardroom communication gap”
As Gartner puts it, “Outcome-driven metrics (ODMs) are increasingly being adopted to enable stakeholders to draw a line between cybersecurity investment and the delivered protection levels it generates”—particularly when it comes to communicating to executive leaders and the board.
ODMs measure the impact of your security investment and allow you to communicate effectively with executives who don’t have a technical background. For instance, tracking metrics such as mean time to detect or mean time to respond allows you to measure the effectiveness of your incident response plan. When the ODM improves, it signals that the security investment is returning stronger protection. If it declines, that indicates a drop in protection.
If you’re currently focusing on cyber maturity, focusing on ODMs represents a mindset shift—and one Avertium recommends. While cyber maturity looks at those things you have in place, ODMs look at the performance of them. The benefit is ODMs can and should clearly tie back to business objectives. The metrics can demonstrate how cybersecurity measures contribute to those objectives, from maintaining customer trust to protecting intellectual property.
Showing your stats to the board and other executives can feel daunting, particularly if those stats show you’re immature in certain areas. The instinct may be to hide those results from company leaders for the fear the data will be interpreted as weakness. In reality, the customers Avertium has seen be the most successful at building strong long-term security programs are the ones who use those potentially negative results as an opportunity to advocate for the funding and staffing needed to improve ODMs.
Trend: “Resilience-driven, resource-efficient third-party cybersecurity risk management”
Many healthcare organizations have a multitude of third parties, and the risk that represents is well known. Gartner suggests moving away from “front loaded due diligence activities” and instead prioritizing partners based on cybersecurity risk. It advises that you “establish mutually beneficial relationships with important external partners, to ensure their most valuable assets are continuously safeguarded.”
It’s a shift from the norm of just assessing vendors and a move toward developing a resilience-driven strategy around third parties across the board. Doing so requires that you work closely with your vendors to ensure they have incident response plans and resource optimization in the event of an incident. Third parties should leverage automation tools to streamline backup, replication, and failover processes.
One of the best ways to strengthen your posture here is to focus on education. Collaboration and information sharing with industry peers, regulatory bodies, and cybersecurity firms who work with different hospitals and healthcare organizations is a valuable way to gain insights and benefit from the lessons learned by others. Do not try to combat threats on an island.
Trend: “Generative AI - Short-term skepticism, longer-term hope”
Preparedness is a must when it comes to Generative AI, in Gartner’s view, but it pairs its recommendation that “security leaders … prepare for the swift evolution of GenAI” with a note of caution around expectations. “There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth.”
Avertium’s view is tinged with more optimism around the opportunity. Start with readiness. It’s crucial to thoroughly understand which data points and data sources will actually make AI tools valuable for your organization, verify that they’re configured correctly, and know which use cases for which you are trying to solve. Any productivity gains will depend on your specific use case: Do you plan to use AI to help write reports on security issues, or look for insights in your security data?
Looking back to the advent of cloud computing can be instructive: As it gained traction, there was a prevailing assumption that you “put your stuff in the cloud” and things will be cheaper, faster, and more secure. That wasn't the case. You had to make things work in the cloud, like the cloud, and then they became cheaper, faster, and more secure. It first required understanding the cloud’s capabilities and the use cases that could benefit from it. AI is very similar and holds even greater potential outcomes as it matures.
The best way to gain that understanding is through education from a mix of sources, from the developers of the AI technology to third-party partners who make it their business to know and help customers be successful with Generative AI tools.
About the authors: As Avertium's chief revenue officer, Ben Masino brings more than 15 years of progressive experience in business, marketing, and sales leadership, along with deep experience in cyber security, SaaS, and technology-enabled services growth and customer engagement. Eldon Sheckles, director of professional services for Avertium, has dedicated his career to helping businesses, government agencies, and individuals safeguard their digital assets and information. Jamie Fiedrich is Avertium’s SVP of managed services.