Gartner Blog Network


Arcane is the new normal in cyber security

by Jonathan Care  |  August 26, 2015  |  3 Comments

It’s the end of Gartner’s Security Summit here in Sydney, and it has been great to meet fellow analysts, Gartner clients, and event sponsors. One of the conference themes was the evolution of the CISO role from cyber security Defender to Facilitator, and how strategy must encompass not only controls to protect the enterprise and detect when an attack is in progress, but also response and recovery – how to deal with an attack which gets past defences, and then get the enteprise back to business-as-usual operation.

It’s no surprise that right now there are a lot of cyberattacks, and a lot of data breaches subsequent to that as attackers seek to exploit, exfiltrate, and monetise information gained during an attack. Right now, there are more identities for sale, more vulnerabilities being found and more board-level executives are concerned about cybersecurity.

Attacks get smarter, defenders must become more agile

Attacks are becoming increasingly complex, using techniques such as ROP chains, sophisticated data-driven exploits, and of course social engineering. The challenge to determine how the breach occured increasingly looks like an exercise in divination, trying to unearth arcane entry methods. It is becoming increasingly challenging to prevent these attacks on a complex and distributed IT architecture, and the CISO should not undertake to “defend against all comers”, but more importantly to keep the business moving despite cyberattacks, insider fraud, and even hostile acts by competitors.

In the press, we see quotes from breached companies such as “We found no evidence that sensitive customer data had been copied”, and this ambiguous statement can mean not only that the damage from a cyberattack is limited, but also that the forensic investigation failed to reveal a complete attack timeline.

CISOs are becoming the digital paramedic, not (only) the digital firefighter

Nevertheless, CISO’s are charged with the responsibility of ensuring that attack risk falls within the enterprise risk tolerance, and that the impact can be absorbed without disruption to critical business services. Lessons are being learned from business continuity, and even from fraud management, and the question is increasingly no longer “Can we keep the infrastructure secure”, but “How can we ensure that we stay in operation in the face of determined and resourced attackers”.

Data masking techniques reduce the risk of key data being stolen by attackers, and the increasing use of specialist security service providers allows the CISO to make use of best-practice capabilities which may be difficult to retain internally. Evolving technologies such as User/Entity Behavioural Analytics provide insight and early warning of nefarious activity. Analysis of insider attacks reveals common motivators and stressors, including low corporate morale, poor management styles, and personal stressors.

We can expect Arcane to become the New Normal for attacks – so we need to ensure that we have robust defences, vigilant detection, and agile response capabilities.

Category: cybersecurity  

Jonathan Care
Research Director
1 years at Gartner
22 years IT Industry

Jonathan Care expertise includes payment systems, cybersecurity, fraud detection and prevention applications, authentication, identity proofing, identity theft, and insider threats. He also covers the PCI compliance program, tokenization and the security aspects of payment systems. Read Full Bio


Thoughts on Arcane is the new normal in cyber security


  1. […] Jonathan Care It’s the end of Gartner’s Security Summit here in Sydney, and it has been great to meet […]

  2. […] de interne undersøgelser har fejlet med at afsløre den komplette tidslinje for angrebet,” skriver Gartner-analytiker Jonathan Care i et […]

  3. […] term, it’s definitely a case of making the realisation throughout the organisation that these advanced attacks are the new normal. It’s about adopting the Predict, Protect, Detect, Respond mindset that is outlined in […]



Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.