3 Key Highlights from Gartner’s Security & Risk Management Summit
Earlier this week, we joined over 2,595 CISOs and security professionals at Gartner’s twenty-first annual Security & Risk Management Summit in Washington, DC (June 8-11).
It was a great event, packed with compelling presentations. Here are three key highlights we wanted to share with you.
1. Align security investments to business outcomes
Gartner analyst Peter Firstbrook kicked things off by focusing on the influence security has on business outcomes.
“Business executives are concerned about customer frustrations that arise from security issues,” Peter said. “CISOs must elevate security investment to protect what the business cares about.”
This aligns directly with conversations we’ve had with our customers, and trends we’re seeing in the market. According to the 2015 CEO survey from PwC, 61% of CEOs are concerned about cyber threats and the impact that these threats will have on the organization’s growth prospects.
Cybersecurity is now on the corporate board agenda, and CISOs must be prepared to enable outcomes by protecting the business and its customers.
Image source: PwC 18th Annual Global CEO Survey
2. CISOs must facilitate customer security engagements
Avivah Litan,VP and Distinguished Analyst, Gartner Research,followed Peter on the stage. She suggested that CISOs who want to generate business outcomes and gain trust of business executives must follow six key principles:
- Move from check box compliance to risk-based thinking.
- Move from technology to outcomes.
- Move from defenders to facilitators of business outcomes.
- Understand information flow.
- Move from technology focus to people focus.
- Move from prevention only to detection and response.
By facilitating working groups within the organization, CISOs can start to embed these security principles into business processes right from the start. Doing so enables businesses engage with its customers in new ways, driving up customer engagement.
This business-oriented approach will soon become the norm: according to Gartner, by 2017, 50% of company IT spending will be outside of the traditional IT department.
Image source: Gartner Security & Risk Management Summit – Opening Keynote: Manage Risk & Deliver Security in a Digital World
3. CISOs and CMOs need to collaborate
So what can CISOs do today to start to get a handle on customer security? Work with marketing.
A key opportunity for this kind of collaboration is the email channel.
According to the Direct Marketing Association, 66% of consumers have made a purchase online as a result of an email marketing message.
Hackers and attackers are aware of this statistic too. Between October 2014 and March 2015, nearly 21 billion emails appearing to come from well-known commercial senders did not actually come from their legitimate IP addresses—potentially indicating a large-scale phishing attack.
Return Path’s General Manager for Email Fraud Protection, Robert Holmes, tackled this opportunity head-on in his presentation on how to re-build customer trust in the email channel.
By focusing on protecting emails that end-customers receive, CISOs can enhance customer engagement and ultimately drive business outcomes by increasing revenue from email.
To do this, Return Path recommends that companies gain visibility into all types of email threats, including domain spoofing, cousin domain threats, display name spoofing, and subject line spoofing. It’s easier to define a solution once you know the scope of the problem you’re facing.
For more information on the evolving email security landscape, check out our upcoming events. We’ll be hosting CISOs at several upcoming dinners in San Francisco, Boston, and New York City. Contact us if you’d like to attend.
About Adenike Cosgrove
Adenike (Nikki) Cosgrove is Senior Product Marketing Manager for Return Path's Email Fraud Protection solution. Before joining Return Path, Adenike was the lead EMEA Senior Advisor to security and risk professionals at Forrester Research, helping clients with their information and cyber security strategies. Prior to her role at Forrester, she was Service Head for Canalys's Enterprise Security services, producing analytical reports on a wide range of topics within enterprise security and vendor channel management.