Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

5 priorities security leaders need to tackle in 2023

By John Pirc
SEC0821-cyber-Feat-slide1_900px

gremlin / E+ via Getty Images

December 19, 2022

Moving into 2023, organizations and their security teams face compounding and troubling problems in the cyber landscape. Increasingly complex environments are contributing to growing attack surfaces and IT management difficulties. Simultaneously, security threats are increasing in volume, frequency, and sophistication. This has created an environment where organizations must manage security right every time, while bad actors only have to break through once. 

The numbers aren’t pretty. The global average cost of a data breach increased by 2.6% from $4.24 million in 2021 to $4.35 million in 2022, representing a constant and significant risk to business continuity. 

With stakes this high, it is critical to understand how organizations can strengthen their security posture in the face of these challenges and risks. Here are five key priorities that organizations must build into their cyber plans for 2023.

 1. Assessing risk: prepare and prioritize

Not all cyber threats are equal. Some are minor with limited potential impact. Some could take down your core systems and interrupt business. So you need to manage cybersecurity as you would manage any other business risks: by prioritizing threats that pose the greatest risk to your operations and ability to produce value. This requires a programmatic and operational approach to cyber protection. People, processes, and technology need to work together effectively.

It is important to recognize that purchasing cybersecurity tools is not the same as having an effective cybersecurity program. A programmatic approach starts with building out the processes by which you will regularly identify the assets that are most valuable and vulnerable. With this understanding, you can develop an efficient program that focuses resources where they most effectively reduce cyber risks.

 2. Data analytics and automation for scale and speed

    Companies should always start by defining their risk profile and ensuring that their cybersecurity program is aligned with their risk profile. That enables the ITOps and Security teams to focus where it matters and to proactively shore up their security posture where it matters most. 

    Given the sheer volume of threats, for most organizations, there’s no way to do this without data analytics: ingesting large volumes of security and operations telemetry and using data analytics to discover patterns that indicate situations that could turn into significant incidents. Analysts can then investigate and resolve those before they become critical incidents. It also helps ignore the vast quantity of noisy alerts.

    Few organizations have or can hire the staff to track down everything, so the key is to make everyone you have more effective. One way to do that is to automate tedious and repetitive tasks (typically these are so-called Level 1 and Level 2) so analysts can identify and respond faster to issues that are real risks. Instead of handling an overwhelming load of alerts, security teams can immediately respond to prioritized situations and focus on higher-level tasks.

    3. Build an expert security team both internally and externally

    Any IT or cybersecurity professional can confirm that the talent gap is real. Many organizations feel overwhelmed by their inability to hire more experts. The reality, however, is that hiring more people can’t solve the cybersecurity problems we’re facing now by itself. Nor will adding more tools. Savvy organizations invest in their security teams, find a technology stack that makes their teams more effective, and may use managed security service providers (MSSPs) to augment their security programs.

    Investing in your security team provides valuable benefits. Advanced training helps them work more effectively and efficiently. Rather than being overwhelmed, security practitioners are engaged, challenged, and feel more valued. They are more likely to remain with their current organization instead of jumping to another company. But, again, you need to remove the tedious tasks and flood of alert noise that cause burnout and job hopping.

    4. Implement a cybersecurity mindset across the entire company

    Cybersecurity is operationally difficult to maintain because it is not a single person or team’s job. It inherently relies on everyone in the entire company as well as those you do business with. The office of the CISO is responsible for updating company security policies and maintaining regulatory requirements, training employees, and conducting blue team exercises. Security training and validation must also extend to external groups and third-party vendors to ensure appropriate security measures function across company and supply chain engagements.

    Most recent breaches are due to “human engineering,” where employees, partners, and others with access to connected systems are tricked into giving their passwords to threat actors, so it’s critical that everyone is trained in what to look out for. Phishing emails can be very hard to recognize, and threat actors are getting more creative. Everyone should be on guard.

    A good cybersecurity program also includes a well-honed incident response crisis program with a clear action plan involving key leaders, stakeholders, and ops teams. A streamlined process is essential to facilitate immediate communication, “war room” collaboration, and remediation activities. This ensures teams can respond quickly and accurately during a cyber event to avoid or minimize any business damage, disruptions, and impact on customers. Don’t assume it will all work as planned: Practice.

    5. Make security a priority and ensure alignment with the board

    For the vast majority of organizations, cyber threats present a persistent and dangerous business risk. This level of risk requires resources and investments that necessitate the complete buy-in of the board. 

    The best way to engage the board is through a transparent roadmap with quantifiable goals. Leaders must be able to visualize intended business outcomes and assign a level of business risk to each of those outcomes. From there, the board can have a solid understanding of the risks of not protecting certain assets and will ultimately be better positioned to fund effective cyber programs. 

    Note that communicating with the board is a challenge for most CISOs. Board members want to know “are we at risk?” so you have to align your metrics and communications to what matters to them.

    Understand Your Security Maturity and Effectiveness

    Security operations is an ongoing, evolving, and accelerating challenge. The most critical part of planning your security effectiveness is being honest about where you are in your journey, and about the likelihood of breaches. No company with connected systems is immune.

    Examples of what you should do, if you haven’t already, include setting up patching and password policies, basic asset management, immutable backups, and more. If you’ve done that, focus on the most critical requirements of your organization and build a data analytics and automation-driven security program. Finally, shift into an elevated security program that’s proactive, predictive, and focused on intelligence-driven resolution.

    With the support of your board and a culture of security in place, you will be well-positioned to maintain a strong security posture, build security ops at scale and speed, and reduce business risks in 2023 and beyond.

    KEYWORDS: cybersecurity data analytics risk management security operations

    Share This Story

    Looking for a reprint of this article?
    From high-res PDFs to custom plaques, order your copy today!

    John Pirc is the Vice President and Head of Product Management at Netenrich.

    Recommended Content

    JOIN TODAY
    To unlock your recommendations.

    Already have an account? Sign In

    • Security's Top Cybersecurity Leaders 2024

      Security's Top Cybersecurity Leaders 2024

      Security magazine's Top Cybersecurity Leaders 2024 award...
      Cybersecurity
      By: Security Staff
    • cyber brain

      The intersection of cybersecurity and artificial intelligence

      Artificial intelligence (AI) is a valuable cybersecurity...
      Logical Security
      By: Pam Nigro
    • artificial intelligence AI graphic

      Assessing the pros and cons of AI for cybersecurity

      Artificial intelligence (AI) has significant implications...
      Cybersecurity Education & Training
      By: Charles Denyer
    Subscribe For Free!
    • Security eNewsletter & Other eNews Alerts
    • eMagazine Subscriptions
    • Manage My Preferences
    • Online Registration
    • Mobile App
    • Subscription Customer Service

    More Videos

    Sponsored Content

    Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

    close
    • Crisis Response Team
      Sponsored byEverbridge

      Automate or Fall Behind – Crisis Response at the Speed of Risk

    • Perimeter security
      Sponsored byAMAROK

      Why Property Security is the New Competitive Advantage

    • Duty of Care
      Sponsored byAMAROK

      Integrating Technology and Physical Security to Advance Duty of Care

    Popular Stories

    Internal computer parts

    Critical Software Vulnerabilities Rose 37% in 2024

    Coding

    AI Emerges as the Top Concern for Security Leaders

    Person working on laptop

    Governance in the Age of Citizen Developers and AI

    Half open laptop

    “Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

    patient at healthcare reception desk

    Almost Half of Healthcare Breaches Involved Microsoft 365

    2025 Security Benchmark banner

    Events

    June 24, 2025

    Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

    For today's security teams, making informed decisions in the first moments of a crisis is critical.

    August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

    View All Submit An Event

    Products

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

    See More Products

    Related Articles

    • Golden lights

      Data deregulation to AI protection: Security priorities in 2025

      See More
    • Focused man looking at laptop

      How to tackle burnout at the source in the security operations center

      See More
    • Financial regulations coming that security and IT need to prepare for now

      Fraud spurs wave of new financial regulations – What security leaders need to know

      See More

    Events

    View AllSubmit An Event
    • August 27, 2025

      Risk Mitigation as a Competitive Edge

      In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
    View AllSubmit An Event
    ×

    Sign-up to receive top management & result-driven techniques in the industry.

    Join over 20,000+ industry leaders who receive our premium content.

    SIGN UP TODAY!
    • RESOURCES
      • Advertise
      • Contact Us
      • Store
      • Want More
    • SIGN UP TODAY
      • Create Account
      • eMagazine
      • eNewsletter
      • Customer Service
      • Manage Preferences
    • SERVICES
      • Marketing Services
      • Reprints
      • Market Research
      • List Rental
      • Survey/Respondent Access
    • STAY CONNECTED
      • LinkedIn
      • Facebook
      • YouTube
      • X (Twitter)
    • PRIVACY
      • PRIVACY POLICY
      • TERMS & CONDITIONS
      • DO NOT SELL MY PERSONAL INFORMATION
      • PRIVACY REQUEST
      • ACCESSIBILITY

    Copyright ©2025. All Rights Reserved BNP Media.

    Design, CMS, Hosting & Web Development :: ePublishing