Risk

7 New Challenges CSOs Will Face in 2023

By Daniel Young | January 9, 2023 | 4 min read
CSO challenges 2023

What is in the future for security professionals? Chief Security Officers (CSOs) are likely to face several challenges as we enter 2023, from threats to organizational issues.

Below are our top seven predictions for the new year.

1. Insider threats

CSOs should have major concerns about employees sharing information they should not be discussing outside of work. This was a big problem in 2022, especially when it comes to cybersecurity; insider threats accounted for 35% of all data breaches in Q3 of 2022.

What can you do?

Because insider threats can cover everything from legitimate whistleblowers to a terminated employee with a grudge, CSOs have to be proactive rather than reactive. This means paying attention to your information and document control policies and processes. If Intellectual Property (IP) isn’t easy to access, there’s less risk of an insider stealing it. You may want to install mobile phone dampeners that make it difficult for people to use their devices on-site. It’s also important to look at your company culture. Employees should want to be there, feel included and heard. By making sure employees are engaged and fairly treated, you can lessen the risk of a disgruntled employee stealing valuable IP.

2. Cyberthreats

Cybersecurity continues to be a huge problem for businesses of all kinds. Ransomware attacks appear to be here to stay, along with brute force attacks, credential theft, and phishing. Social engineering played a role in many of these attacks, meaning that often people were the weakest link — not technology.

What can you do?

Preparation is the most important thing for CSOs when planning to address cyberthreats. Because humans are so often targeted in cyber attacks, make sure your people are trained to recognize a social engineering attack. Implement good cyber hygiene, and use tools like multi-factor authentication to keep credential theft attacks low. Zero trust is also an important part of protecting your organization, as is a plan for what you will do when you are targeted by a ransomware gang.

3. Layoffs and job loss

The economic outlook is out of the control of the CSO, and so is the threat of layoffs. In the current economic climate, job insecurity is a major cause of stress at work, and CSOs may have to deal with strikes and potential workplace violence.

What can you do?

CSOs should of course make comprehensive plans to deal with labor-related scenarios, including both workplace violence and labor strikes. It’s also important to be honest with employees about any potential layoffs. Honesty and respect can go a long way to diminishing resentment.

4. Remote workers and the hybrid workforce

Many workers have stayed remote since the pandemic began, and many workplaces have embraced the new hybrid workforce. Although remote work can increase productivity and decrease overhead, it can cause security challenges, such as a disconnect in company culture and IP that isn’t secure in workers’ homes.

What can you do?

CSOs need to think about how they can secure both remote employees and the company IP they work with every day. Companies also have to create policies that treat everyone fairly. If, for example, people are only asked to come into the office when they’re going to be terminated, that may cause a security problem.

5. Not completing remediations

A year after the school shooting in Oxford, Mich. in November of 2021, whistleblowers came forward to report that the district had not implemented its school violence playbook, which lays out steps that should be followed to identify and respond to threats. Many organizations are in the same boat; they may have paid a consultant for a threat and risk assessment, but they haven’t implemented any of the remediations suggested in the report.

What can you do?

If a CSO knows of security problems but is not working toward resolutions, the organization is liable for any incident that could have been prevented. Remediation has to be prioritized and recorded. Organizations must be able to show their progress on remediation, even if they’re not able to complete every improvement immediately.

6. Implementing or improving Global Security Operations Centers (GSOCs)

GSOCs are becoming much more accessible to CSOs in businesses of all sizes. GSOCs are a huge advantage; they allow security to gather intelligence, respond quickly to incidents, and protect their organizations. In the past, however, GSOCs were mostly seen in larger enterprises. Now, however, security applications and integrations mean GSOCs can be set up in any organization and on any site.

What can you do?

Examine your existing security applications and determine which integrations work best for your organization. By working with your IT team, you can easily set up a GSOC that will help your organization monitor active threats.

7. Scaling up

When companies grow, they often have growing pains and this is the case for security as well. Growing your operation to include several sites can be a headache for security leaders who are not used to dealing with assessments for so many sites. This can also be a challenge when sites are removed and sold. Each presents unique security issues.

What can you do?

Being organized is important for fast-scaling businesses. Monitoring 100 sites, for example, is difficult. It’s also important to invest in tools that can give you quick visibility into the risk profiles of all your sites. Circadian Risk’s platform, for example, takes the place of traditional narrative reports, feeding all site data into a dashboard so that you can see all your sites, and their risk, side by side.

Contact us now for a demo, and keep your sites safe in 2023.

Are you ready to improve your organization’s risk resiliency?

See Circadian Risk In Action Now
Create an Account