If you’re a chief security officer (CSO), chief information security officer (CISO), or other cybersecurity leader, your job is never dull. Technology is constantly evolving, as are the threats to an organization’s data and intellectual property. No chief security officer can rest on their laurels because each year brings new challenges. And 2023 is shaping up to be one of the most challenging years yet.
Here are five of the top new cybersecurity challenges for a chief security officer in 2023—and what you can do about them. If you’re not a cybersecurity leader yet but hope to be one someday, you can still enjoy this look at 2023’s top CISO challenges.
The 5 Most Recent Cybersecurity Threats That CSOs Need to Know About
From the cloud and AI (Artificial Intelligence) to data regulations, the top cybersecurity threats for a chief security officer in 2023 reflect current trends in technology and the world at large, including:
Security Control Gaps Due to AI and Cloud
2023 will likely go down as the year that AI went mainstream. The popularity of ChatGPT, Google Bard, and other interactive chatbots brought the power of AI, large language models, and machine learning to even non-technical users. While these developments have mostly been a net positive for the world, bad actors have also discovered the power of AI. With many cybersecurity tools and apps now using machine learning algorithms, it can be difficult to tell whether AI is good or bad for security professionals (Greer, 2023).
A chief security officer in 2023 can expect to see more realistic phishing emails and other social engineering attacks, thanks to machine learning’s ability to mimic human speech. The speed at which AI operates has also led to an increase in automated exploits. Hackers can simply input a few parameters, watch AI perform automated vulnerability scanning, and then generate custom code to exploit those weaknesses.
At the same time, the enterprise shift to the cloud has been accelerated ever since the start of the COVID-19 pandemic. The increased prevalence of remote work that started in 2020
is in full swing in 2023, creating another control gap for chief security officers. Cloud environments can be particularly vulnerable to data breaches if they are improperly secured. A cloud platform’s identity and access management (IAM) can suffer from weak authentication methods and misconfiguration. A chief security officer in 2023 must adapt modern tools and solutions to close gaps between AI and the cloud.
Multicloud Adoption and Cloud Data Breaches
The shift to the cloud is so accelerated that many CSOs are now faced with securing a multicloud environment. However, each new cloud app or platform is also a potential new attack vector, making cloud data breaches one of the most pressing concerns in 2023.
One of the bigger hurdles for multicloud infrastructures is the difficulty of enforcing policy across different cloud apps or platforms. Security teams also may not get proper training on each new service, potentially leading to an increase in cloud data breaches. Even in the best cases, meeting compliance requirements across multiple clouds can be complex and requires careful planning.
A chief security officer should always be heavily involved in the process of evaluating new apps and platforms. That way, they can understand the security implications of bringing new systems online. The CSO should ensure that security considerations are a part of any new project’s budget so that a multicloud adoption doesn’t mean added data breaches.
Threat of Litigation with New Governing and Data Norms
While each new cloud service or platform brings new cybersecurity threats, that may be the tip of the iceberg. In the years since the European Union passed the General Data Protection Regulation (GDPR), other governments have passed several information privacy laws. Employee or customer data exposed in a data breach could violate these regulations, leading to the threat of litigation.
For example, in early 2022, the United Kingdom government announced plans to update its cybersecurity framework. The revised legislation is expected to expand the type of cyber incidents that must be reported to regulators (Ivory et al., 2023).
This is especially concerning when you consider that cyber attacks are getting more sophisticated with the use of AI and machine learning algorithms, deep fake technology, and advanced phishing attacks. For companies with a presence in multiple jurisdictions, the chief security officer now has to become an expert in data security laws and evolving societal norms around data usage.
Catastrophic Weather Events Impacting the Business Continuity
Every year has its fair share of extreme weather events, but 2023 has had more than its fair share. From Cyclone Freddy in February to the unprecedented wildfires in Hawaii in August, not a month has passed without a catastrophic event (Rao, 2023). This shifts the chief security officer’s concern from the virtual world to the physical one. Each extreme
weather event disrupts power, cellular communications, and internet access, posing a grave threat to business continuity.
Beyond the disruptions lie other headaches for CSOs. Cybercriminals might even take advantage of the chaos around weather disasters and ramp up phishing and social engineering attacks. Data centers and off-site backup locations might become compromised, leading to serious concerns about data safety.
More than ever, CSOs must invest in disaster recovery, ensuring that cybersecurity and data availability plans are in place. Backup and redundancy for critical systems should be in place, with response plans tested. It also wouldn’t hurt for cybersecurity teams to add weather monitoring to the alerts that their teams already receive. Extra preparation time can make all the difference in the case of catastrophic weather events.
IoT and 5G Security Gaps
The rollout of the 5G network represented one of the most significant upgrades ever to global internet connectivity. The increased speed, bandwidth, and capabilities of 5G are all positive developments. The technology has also led to an increase in the number of connected Internet of Things (IoT) devices. The number of 5G IoT connections is expected to increase from 17 million in 2023 to 116 million by 2026 (Juniper Research).
However, IoT devices have their own set of security concerns. Many use unprotected APIs for easy sharing of data, but this creates potential risks for enterprise data. Weak authentication methods are common among lower-cost IoT devices. Even worse, some IoT devices are set up outside the IT department and still use default passwords, leaving them wide open to attackers.
As IoT installations become larger with the advent of 5G, it’s time for CSOs to start plugging the security gaps. Procedures should be implemented to keep firmware updated, and APIs should be protected with strong authentication. Security software vendors are also adding IoT-specific features to their packages, which security teams should investigate.
How Information Security Management Training Such as C|CISO is Useful
Finding new cybersecurity leaders is one of the top priorities for organizations worldwide. If you want to be considered for these roles, it’s time to look at a certification program that has trained cybersecurity leaders worldwide, such as EC-Council’s Chief Information Security Officer (C|CISO). The C|CISO certification offers world-class training in all of the issues facing cybersecurity leaders today, including governance, information security controls, strategic planning, and more.
Greer, R. (2023, September 12). Artificial intelligence in cybersecurity: Good or evil? CIO. https://www.cio.com/article/651967/artificial-intelligence-in-cybersecurity-good-or-evil.html
Juniper Research. 5G IOT CONNECTIONS TO SURPASS 100 MILLION FOR FIRST TIME GLOBALLY BY 2026; ACHIEVING 1,100% GROWTH OVER THREE YEARS. https://www.juniperresearch.com/pressreleases/5g-iot-connections-to-surpass-100-mn
Ivory, A. Pittman, F. P., Timmons, J., Caisley, L., Burke, A., Hahn, A. A., & Turgel, D. (2023, march 22). Cybersecurity Developments and Legal Issues. White & Case https://www.whitecase.com/insight-alert/cybersecurity-developments-and-legal-issues
Rao, D. (2023, September). The extreme weather events of 2023. The Week. https://theweek.com/in-depth/1021278/2023-extreme-weather
About the Author
Leaman Crews is a former newspaper reporter, publisher, and editor with over 25 years of professional writing experience. He is also a former IT director specializing in writing about tech in an enjoyable way.