As cybersecurity leaders can attest, the threat landscape today is increasingly uncertain and volatile. This is due to emerging threats like automation hijacks, prompt injections and post-quantum cryptography. It is a perfect storm of volatility, uncertainty, complexity and ambiguity, or what Gartner calls “VUCA.” Generative AI (GenAI) continues to present new challenges through increased and improved deepfakes and phishing. And, as in previous years, cybersecurity attacks continue to evolve, with incidents affecting all industries and geographies.
As organizations continue to pursue digital transformation and criminals evolve their techniques, security leaders meanwhile must refine their tactics to prepare for, and respond to, new and existing threats.
Critical and emerging cyber threats
Critical and emerging threats are those in which attackers hold a significant advantage in exploiting weaknesses in targeted organizations. Examples include identity impersonation using deepfakes, AI application compromise, adversarial prompting, and nation-state-sponsored threats.
These critical and emerging threats are often complex and unclear. This makes it difficult for security leaders to find credible cybersecurity technical controls, leading to wasteful investments in ineffective tools.
The rapid adoption of AI technologies is reshaping the threat landscape by enabling attackers to augment existing social engineering attacks and create new attacks such as deepfakes. According to a recent Gartner survey, 37% of security leaders reported having experienced at least one incident of social engineering with a deepfake during a video call with an employee. Meanwhile, 43% experienced at least one incident involving a deepfake during an audio call.
AI agents bring unprecedented complexity to cybersecurity leaders. These agents enable new attack types such as direct and indirect prompt injections, because they rely on a probabilistic workflow that combines LLMs with memory (context stored across multiple sessions). Organizations are rapidly adopting AI agents, both those developed internally and those embedded in third-party tools (such as coding assistants).
Security leaders must prepare for the evolution of AI applications into AI agents. CISOs should embrace an AI governance program that includes AI trust, risk and security management (or what Gartner refers to as AI TRiSM) technology to manage the inherent risks of AI.
Complex and volatile threats
Complex and volatile threats are those in which there is an active battle between attackers and defenders, with neither side holding a definitive advantage. Examples of complex and volatile threats include account takeover (both human and machine), cyber-physical systems compromise, supply chain attacks, external-facing infrastructure exploits, and ransomware/extortionware.
These complex threats force CISOs to have an investment discussion with the rest of the organization. By using outcome-driven metrics with protection-level agreements, CISOs can present and advocate for cybersecurity risk investments against other priorities of the organization.
Security leaders must articulate the need for additional risk mitigation investments. In today’s threat landscape, continuous improvements to defense strategy are necessary to protect against increasingly complex attacks.
This requires devoting effort to communicating the microtrends affecting these threats and the required changes in defense strategy. For volatile threats, the ability of security leaders to gather “signals” about how real these threats are for the organization is key to supporting improvements in defense programs.
Established and latent threats
While most organizations are ready to mitigate the majority of established and latent threats, security leaders cannot be caught neglecting them.
Established threats are prominent threats for which the organization's level of preparedness is high, the defense technologies are mature and the detection rate typically exceeds 90%. Some examples include API abuse, social engineering, phishing and business email compromise.
Latent threats come in multiple flavors but share the common attribute of flying below the radar for most organizations. Good security hygiene and implementing structured processes such as continuous threat and exposure management are the best way to keep up defenses against latent threats. Examples of latent threats include customer account takeover, physical access, and distributed denial-of-service (DDoS).
Security leaders must ensure that they preserve an advantage against attackers and stay on the watch for emerging techniques that could undermine it.
Responding to the threat landscape
Security teams often feel as though they have to do everything and be everywhere all the time. However, even resourceful organizations must make trade-offs between breadth and depth of threat management, given today’s VUCA state of the threat landscape.
Luckily, there is a series of steps security leaders can take in order to ensure that their organizations are best positioned to mitigate these emerging threats:
- First, quickly identify changes in the threat landscape and update cybersecurity priorities.
- Second, enhance the organization’s ability to counter critical and emerging threats by prioritizing processes and tools to tackle deepfakes, safeguard custom-built AI applications and agents, and prepare for a post-quantum cryptography world.
- Next, fortify the organization’s defenses against recent advancements in complex and volatile threats, focusing on supply chain attacks, ransomware and the evolving account takeover threats targeting humans and machine identities.
For established and latent threats, focus on microtrends and changes within the attack techniques, especially those that are AI-based. Security leaders can start with standard industry practices to prevent API abuse, and review the efficacy of processes and tools against evolving social engineering attacks.
In a VUCA world, it’s all about preparing for the most unpredictable threats, reducing exposure and improving cyber resilience.
Jeremy D'Hoinne is a Distinguished Research VP at Gartner, where he assists chief information security officers and their teams in developing strategies to leverage AI in cybersecurity and secure AI applications and agents. Additional analysis on identity and access technologies and strategies will be presented at the Gartner Identity & Access Management Summits taking place March 24–25 in London and Dec. 8–10 in Grapevine.