3 Security Trends Every CISO Needs to Know in 2023

3 Security Trends Every CISO Needs to Know in 2023

  • By Brad Jones
  • Dec 14, 2022

Cybersecurity has dominated the headlines in recent years as cyber attacks have risen at an increasingly alarming rate. In fact, global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021. Remote work, accelerated digital transformation, and more intelligent threat actors have made cybersecurity a top priority for every organization.

While a comprehensive cybersecurity program used to be a nice-to-have for companies trying to stay ahead of the game, it is now a must-have for any organization with a digital presence. Customer priorities are also evolving, and trust and transparency are non-negotiable when B2B customers select vendors to store their data. The following trends should be top of mind for security professionals as they look ahead to 2023.

Security professionals must prioritize data classification or risk regulatory repercussions

While data handling practices vary based on industry and type of data (PII, healthcare, financial, etc.), all organizations need a unified data classification strategy. Without it, companies open themselves up to major fines that threaten their freedom to operate if employees accidentally mishandle data. On the plus side, companies that have not formalized their data classification strategy have a chance to do it—and, in doing so, to implement more effective controls.

Not enough companies understand where their data is or how it should be classified. It’s difficult to come up with a broad enough policy to cover all of a company’s data and the security team alone can’t devise a solution. But there are best practices that can help organizations put a process in place to prevent the mishandling of data.

First, keep classification simple. Standard categories—including restricted, sensitive, internal and public data—offer straightforward guidelines for classifying data from across an organization. Second, data protection controls should be mapped to classification standards and aligned with the risk associated with the data type. Many companies struggle to rank the relative risks to different types of data but with a comprehensive strategy and the right tools, security teams can establish appropriate data protection protocols. Lastly, involve key stakeholders early in the data classification process. Data security must be everyone’s responsibility if an organization is to tackle this challenge successfully. An organization’s security team, legal department and individual data owners—whether that’s sales, marketing, HR, or others—must be involved in the data classification and policy making process to ensure data is handled in compliance with regulations.

Cloud service providers will face greater demands for tech stack transparency amid security concerns

In response to increasing federal software security regulations and customer concerns about software vulnerabilities, software providers have been forced to provide more visibility into their tech stacks.

High-profile security flaws in widely used open-source tools, such as the Log4j vulnerabilities, underscore how important it is for organizations to be transparent with customers about what is in their software. Threat actors aren’t slowing down and the pressure is mounting for organizations to create secure solutions.

Heading into 2023, technology service providers will be more transparent with customers about the software stacks and libraries that make up their products and services. This additional transparency will create new methods for customers to evaluate IT service providers so they can make more informed purchasing decisions. Providers that are more open about their tech stacks will be more competitive as customers prioritize security and transparency as key purchasing considerations.

Automation will bridge the security skills gap — and create a new one.

85% of cybersecurity professionals believe the workforce shortage impacts their organization’s ability to secure information systems and networks. Compounding the workforce shortage, nearly a third of cybersecurity professionals plan to change professions in the future. To address the security talent shortage, organizations have adopted automated security tools. These tools offer workload and cost efficiencies but managing them requires specialized skills. While automation may solve the current security skills gap, it may create another one by requiring a level of specialization that many security workers don’t have.

As organizations implement automated tools, they must also equip their employees with the right training and development opportunities to utilize these tools effectively. Automation doesn't fail – people do. Security departments that strategically adopt new technology and invest in upskilling IT staff will be better prepared against security threats, while deepening engagement and loyalty from their employee base. Upskilling efforts can include self-paced courses on utilizing automation tools, guided in-person training opportunities to foster collaboration among teams, and low-code/no-code workshops.

There is no one-size-fits-all solution to cybersecurity. Every company has its unique approach to data storage and risk management depending on its operations and industry regulations. As companies navigate an uncertain financial environment, cybersecurity is not something they can afford to risk. A data breach means both reputational and monetary damages that drastically impact a company’s bottom line when they can least afford a financial hit. As a result, the role of the CISO rises to new levels of importance, requiring strong leadership through an increasingly complex landscape, in 2023 and beyond.

Featured

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

  • Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

    Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now

  • Axis Communications Creates AI-powered Video Surveillance Orchestra

    What if cameras could not only see the world, but interpret it—and respond like orchestra musicians reading sheet music: instantly, precisely, and in perfect harmony? That’s what global network technology leader Axis Communications set to find out. Read Now

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX

  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
Most   Popular

New Products

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.