Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementSecurity & Business Resilience

Earning the “C” in CISO: Staying secure through economic turbulence

By James Christiansen
man-adjusting-tie.jpg

Image via Unsplash

May 25, 2023

Uncertainties in the broader economy can significantly elevate exposure to both internal and external threats — and this is true for companies of all sizes and across virtually all sectors. With talk of a possible global recession this year, security professionals need to start anticipating the potential impacts to securing their organizations.

Many companies are already dealing with some combination of rising inflation, supply chain issues and/or murky revenue projections. While tightening annual budgets, some organizations might be tempted to skip necessary investments to keep the business safe from outside attacks. Security often becomes a target for operational spending cuts because it happens behind the scenes. We're seeing early signs of this already with some companies freezing their new technology budgets for the first part of 2023. And cybercriminals are well-aware of the rich opportunities this may present.

On top of more threats with greater sophistication, security leaders now face the additional challenge of doing more with less in their security program. Now is the time that true leaders step up and find ways to manage more with less. It is time to earn the “C” in CISO. To manage risks within the bounds of budgetary scrutiny, CISOs should focus on three critical areas: their people, processes, and technologies. 

People

These risks start close to home — inside the organization. Threat actors look to take special advantage in times of stress and change via targeted social engineering attacks. Phishing campaigns often target opportunities when employees are out of their ordinary routines. For example, there might be an email with a subject line about a coming layoff — which people may quickly open without thinking. 

In uncertain times, it’s also common for employees across an organization to start “packing” — just in case. They may take company files they’ve worked on and move them into private cloud libraries for later access. Maybe it's a copy of a sophisticated parsing routine that they wrote. It might be financial records or copies of sales contracts to reference the names of customers they worked with and how much they paid for services. One recent report shows a 300% rise in employee data theft during their last 30 days of employment.

But the intent behind exfiltrated data doesn’t have to be malicious to cause serious problems for an organization. Sensitive files stored in an unprotected cloud app could lead to unintentional disclosure of those materials. Risk managers need broad visibility of not only data and users, but also the account iterations of common applications and services.

More merger and acquisition (M&A) activity over the next year should also be anticipated. When companies experience sustained financial stress, we often start seeing consolidation in the market. That, again, leads to a widening attack surface that security leaders will have to manage with the same or fewer resources.

Processes

CISOs need to discuss the impact of a potential economic downturn with company leadership as soon as possible to find out what they’re anticipating for the year. If layoffs become a possibility at any point, security leaders need to be part of that plan well in advance to ensure seamless processes for both electronic and physical security. Can they quickly lock down systems and suspend all access in the event of a 15% reduction in workforce?

Backups are another consideration. Let’s say the company terminates someone due to a layoff. Afterward, their manager requests access to all the critical information that the employee controlled — including email and files. Security leaders need to have a seamless process in place that anticipates that type of common situation, as well as make sure they are compliant with the necessary privacy laws when accessing past employees’ emails. This plan needs to include not only data center assets but also all the software-as-a-service (SaaS) applications employees are using as well.

Technologies

Security leaders may also face not having a fully staffed security team for their program — as a result of reductions-in-force, being unable to backfill open skilled positions, or being spread too thin as a result of M&A expansion. Doing more with less might also mean looking at strategic investments in automation of repetitive security tasks as well as broader infrastructure consolidation. A secure access service edge (SASE) solution is one such approach for consolidating infrastructure. A SASE framework can help simplify both networks and security stacks — reducing operational costs and the number of people needed to manage systems.

Technologies that automate repetitive security tasks can free up skilled human staff for higher-value responsibilities (like threat hunting). At the same time, automation can also help improve the overall effectiveness of your security program because you're less exposed to human errors. According to Verizon, 82% of all breaches last year involved the human element in one way or another.

Strategic planning starts today

Cybercriminals know how to take advantage of tighter security budgets and hiring freezes. CISOs should anticipate the very real possibility of having to cover more risk exposures with fewer resources than they had last year. Strategic attention to their people, processes, and technologies can help security teams plan to use what they have more efficiently and more effectively in the coming months.

KEYWORDS: CISO CISO leadership economic employee security employee theft phishing social engineering workforce

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

James Christiansen is the VP of Cloud Security Transformation at Netskope.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • CISO two people sit at computer in workplace

    Does the CISO belong in the C-suite?

    See More
  • The Uncharted Path for New Security Leaders

    Hiring a CISO: The evolving role of your security executive

    See More
  • The Long and Winding Road to Cyber Recovery

    Five steps to secure your business – From the C-suite to the assembly line

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing