Gartner released the prediction of eight major network security trends from 2022 to 2023. Zero trust is the starting point and regulations cover a wider range

Gartner The recently released forecast of important trends in network security shows ： Executive performance evaluation will be increasingly linked to network risk management capabilities ; In the next three years , Nearly one-third of the world's countries will adopt legislation to regulate the countermeasures against extortion software ; The integration of security platforms will ensure the rapid development of enterprises even in harsh environments .

edit | Song Hui

Contribution | Gartner

In the near future Gartner In the opening keynote speech of the safety and Risk Management Summit ,Gartner Senior Research Director Richard Addiscott And executive vice president Rob McMillan Discussed Gartner Important trend prediction proposed by network security experts , These predictions can help security and risk leaders succeed in the digital age .

Addiscott Express ：“ We can't be conservative , It is not feasible to solve all problems with the past methods . Most safety and risk leaders have realized , In the event of a crisis , It will cause serious business interruption . Although we cannot control the crisis , But we can constantly adjust our way of thinking 、 idea 、 Plan and structure .”

Gartner Suggest , Network security leaders should grasp the following strategic predictions , Reasonably formulate the security strategy for the next two years .

From now to 2023 year , Laws and regulations that require enterprises and institutions to protect consumers' privacy rights will cover 50 Billion citizens and more than 70% The world GDP.

By 2021 year , existing 50 Countries are close to 30 The privacy rights of 100 million consumers have been protected , And the coverage of privacy laws continues to expand .Gartner Suggest , The enterprise should track the indicators of the subject's claim , For example, the processing cost and completion time of each request , Find out the links that need to be improved in efficiency , And prove the necessity of accelerating Automation .

To 2025 year ,80% Of enterprises will take advantage of a single manufacturer SSE Platform access network 、 Strategies for cloud services and dedicated applications .

at present , Mixed office mode has been gradually popularized , The need to access data through any device anytime, anywhere is also increasing . So , Manufacturers began to launch comprehensive security service edge （SSE） Solution , Around the network 、 Private access and SaaS application , Create consistency 、 Simple security function . Compared with solutions with single advantages , Comprehensive solutions from a single manufacturer can improve operational efficiency and safety , Including tighter integration 、 Console reduction , And data decryption 、 The location of checking and re encrypting is reduced .

To 2025 year ,60% Enterprises and institutions will take zero trust as the starting point of safety work , More than half of enterprises and institutions will not be able to play the advantage of zero trust .

Now , The word "zero trust" is very common in the marketing of security manufacturers and the security guidance of the government . Zero trust use based on identity and context 、 Trust with moderate risk replaces implicit trust , Is a very powerful mode of thinking . However , Zero trust is both a security principle , It is also an organizational vision , Therefore, enterprises and institutions need to connect with business results through cultural change and effective communication , To give full play to its advantages .

To 2025 year ,60% Of enterprises and institutions will regard network security risk as a major determinant of third-party transactions and business transactions .

Cyber attacks related to third parties are increasing . but Gartner Research shows , have only 23% The security and risk leaders of the company conduct real-time monitoring of third-party network security risks .Gartner Think , As consumer concerns intensify and regulators' attention heats up , From simple key technology supplier monitoring to complex M & A due diligence , Enterprises and institutions will begin to regard network security risk as an important determinant when conducting business with third parties .

To 2025 year ,30% The country will approve the legislation , Pay for ransomware 、 Make provisions for fines and negotiations , and 2021 This proportion was less than in 1%.

Now , Modern extortion software gangs not only steal data , And the data will be encrypted . Business organizations often start from a business rather than a security perspective , Decide whether to pay the ransom .Gartner Suggest , Before negotiation , It should communicate with professional incident response teams as well as law enforcement departments and relevant regulatory agencies , Get advice .

To 2025 year , Threat actors will successfully turn the operational technology environment into weapons , Causing casualties .

Attacks against operational technologies have become more common （ Operation technology refers to equipment 、 Hardware and software for monitoring or controlling assets and processes ）, Will cause greater damage .Gartner Think , Safety and risk management leaders are in the process of ensuring the safety of the operating environment , Protecting people and the environment from real harm should be placed in a more important position than preventing information theft .

To 2025 year ,70% CEO of （CEO） It will require the establishment of a resilient corporate culture , To deal with all kinds of threats at the same time ： Cyber crime 、 Bad weather events 、 Civil strife and political unrest .

COVID-19 has exposed the limitations of traditional business continuity management planning , That is, it cannot help enterprises and institutions cope with large-scale disruption . In view of the possible continuous interruption ,Gartner It is suggested that risk leaders make Organizational Resilience a strategic priority , And make a plan to let employees 、 Interested parties 、 Corporate level resilience strategies in which customers and suppliers participate .

To 2026 year ,50% The performance requirements related to risks will be added to the labor contract of the chief executive of .

Gartner A recent survey found , Most boards now view cybersecurity more than IT Technical problems , It is also considered a business risk . therefore ,Gartner expect , Senior business leaders will officially replace security leaders , Become the person in charge of network security .