Report from Gartner®: Top Trends in Cyber Security, 2022


Cyber security has never been a more important topic for Public Sector leaders. Microsoft’s Digital Defense Report, published in October 2021, showed that almost 80% of nation state cyber attacks in the previous year targeted governments, NGOs, or think tanks. Around the world, Microsoft experts are working constantly with governments and public sector organizations to tackle these threats.

In its Top Trends in Cyber Security report, Gartner research investigates seven emerging trends and recommends actions to help you build your understanding and awareness of emerging challenges and of approaches to mitigating cyber attacks.

The report findings examine:

1. Attack surface expansion

“Currently, 60% of knowledge workers are remote, and at least 18% of users will not return to the office. These changes in the way we work have created new and challenging attack surfaces. Concurrently, rapidly increasing digital processes have expanded the diversity and complexity of mission-critical systems. Risks associated with open-source code, IoT physical systems, cloud workloads, SaaS applications, social media and more have exponentially increased the exposed surface of an organization beyond the traditional set of controllable assets. The lack of visibility across the expanding digital environment leads to an increase in exploitable blind spots.”

2. Identity threat detection and response

“This year, we are introducing a new term, ‘identity threat detection and response’ (ITDR) to describe the collection of tools and best practices to successfully defend identity systems from endemic levels of attacks. Much like network and endpoint detection and response tools, ITDR tools support discovery and inspection, provide analysis capabilities, enable policy evaluation, and provide incident management and remediation suggestions to restore affected systems.
Many IAM tools are operating in silos that are not visible to incident responders. Organizations must reevaluate their IAM infrastructure with a goal of identifying opportunities for detecting compromise and immediately investigating and responding.”

3. Digital Supply Chain Risk

“Digital supply chain risks generally fall into four main categories:

  1. The potential disclosure of sensitive information shared with supply chain partners
  2. Compromise of infrastructure shared with supply chain partners such as networks, software, cloud service and managed services providers
  3. Attacks through common commercial and open-source software used in business and IT operations
  4. The exploitation of security flaws in the digital products sold to customers

These risks are becoming significant enough to demand new mitigation approaches that involve more deliberate risk-based vendor/partner segmentation and scoring, more requests for evidence of security controls and secure best practices, a shift to resilience-based thinking, and efforts to get ahead of coming regulations.”

4. Vendor consolidation

“Across multiple security domains, security technology convergence is accelerating driven by the need to reduce complexity, leverage commonalities, reduce administration overhead and provide more effective security. New platform approaches such as extended detection and response (XDR), security service edge (SSE) and cloud native application protection platforms (CNAPP) are accelerating the benefits of converged solutions. Functional convergence in identity and access management is also ramping up, delivering a combination of access management, identity governance and administration, and privileged access management capabilities. At the same time, pricing and licensing options from multiproduct companies are making packaged solution buying significantly more attractive than point product buying.”

5. Cybersecurity mesh

“The cybersecurity mesh architecture concept is evolving and gaining popularity as a technical approach, driven by bundled vendor offerings and new emerging standards. Although not exclusively offered on an “as a service” basis, the transition to the cybersecurity mesh approach has also contributed to making cloud delivery the preferred approach for most cybersecurity technologies.

Existing approaches to security and identity architectures are siloed and work in isolation from each other. This makes a zero-trust architecture — where context and (near) real-time events drive an adaptive security posture — challenging. A cybersecurity mesh architecture (CSMA) helps provide a common, integrated security structure and posture to secure all assets, whether they’re on-premises, in data centers or in the cloud.”

6. Distributing decisions

“By 2025, a single, centralized cybersecurity function will not be agile enough to meet the needs of a digital organization. The CISO and the centralized function will continue to set policy, and it will be consulted and informed by the business technologists. However, the scope, scale, complexity, and time expectations of digital business make it increasingly necessary to shift cybersecurity decisions, responsibility and accountability to business units.”

7. Beyond awareness

“The human element continues to feature in the majority of data breaches, a clear signal that traditional approaches to security awareness training are no longer effective. Progressive security and risk management (SRM) leaders are moving beyond legacy security awareness programs by investing heavily in holistic security behavior and culture change programs more akin to a classical marketing campaign than an old-school, compliance-centric security awareness campaign.”

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner, Top Trends in Cybersecurity 2022, Peter Firstbrook, Sam Olyaei, Pete Shoard, Katell Thielemann, Mary Ruddy, Felix Gaehtgens, Richard Addiscott, William Candrick, 18 February 2022


To find out more:

Find guidance and insights on nation state attacks

Learn more about Microsoft integrated threat protection tools to help you secure your entire organization

Learn more about Microsoft’s secure identity and access solutions

Use Microsoft’s security operations self-assessment tool to understand the maturity level of your security operations team

Build your knowledge on ‘Zero Trust’

Find out more about Microsoft’s cyber security skilling program

About the Center of Expertise

Microsoft’s Public Sector Center of Expertise brings together thought leadership and research relating to digital transformation in the public sector. The Center of Expertise highlights the efforts and success stories of public servants around the globe, while fostering a community of decision makers with a variety of resources from podcasts and webinars to white papers and new research. Join us as we discover and share the learnings and achievements of public sector communities.
