It is a challenging time to be a CISO. This year, factors ranging from economic pressures and expanding attack surfaces to emerging threats with ideological and financial motivations will increase the pressure on CISOs and influence their cybersecurity decision-making. In our final 2023 trends blog series, Cybersixgill believes that CISOs will change how they approach cybersecurity for personal career protection and organizational security reasons.
2023 Trend #5: CISOs will increasingly change how they approach cybersecurity concerning talent, budgets, and personal career protection and organizational security strategies.
Cybersixgill
In 2023 – CISOs will significantly change how they approach cybersecurity from the perspectives of talent, budgets, and strategies – both for personal career protection and organizational security. The recent Uber CISO guilty verdict has put CISOs on notice to adjust strategies and increase transparency.
In 2023 – CISOs may be inclined to consolidate technologies and tools to ‘cut the fat’ in previously inflated cybersecurity spending. One area that budget makers find tempting to cut is security awareness and other kinds of training. The top brass of organizations must start taking cybersecurity seriously and spending money on defenses outside the IT department. It’s crucial to remember that most data breaches still result from human error, demonstrating the inadequacy of traditional security awareness training. Modern companies must abandon compliance-based awareness campaigns from the past in favor of extensive behavior and culture change programs that promote safer workplace practices.
Dial up security investments. Geopolitical events and technological disruption will continue fueling a sophisticated, fast-evolving threat landscape. Prioritize security controls and solutions that protect customer-facing and revenue-generating workloads. CISOs will defend investments that support cloud modernization and the organization’s evolution to Zero Trust.
Adding further complexities to the CISO’s role, we will see an increase in the number of attackers motivated simply by bragging rights. These actors are often younger and not tied to a nation-state or organized group. The Big Four—Russia, China, Iran, and North Korea—will be highly active in 2023, using destructive attacks, information operations, financial threats, and more. Companies in European regions must stay especially vigilant, and organizations worldwide must be ready for increased attempts at extortion. Extortion actors will stop at nothing to achieve their goals, even using physical devices and less common types of social engineering.