The enduring urgency of cyber security

Is cyber security considered an IT problem in your organisation? Or is it seen as a business challenge? If the former, you need to know about what Ben van Niekerk, brand manager for RSA Security at First Distribution, calls business-driven security.

There are a number of reasons why this shift in the way you think about security is essential to protecting your organisation, your data, your people and your customers. First, cyber criminals haven’t been standing still. They’ve evolved from anarchic hackers into well-organised, highly motivated, very innovative syndicates in their own right. They are both ruthless and creative. To have any hope of defending yourself against attacks from these criminals you need to rethink the tools, technology and procedures you use today.

Second, data protection regulations hold individual business leaders (by default the CEO) accountable for 1) having the right protection in place, and 2) explaining to the board, shareholders, customers and information authorities the details and extent of any breach, what was done to prevent it, and what is being done to remediate the matter and minimise harm. Furthermore, there will be an obligation to report a breach within a reasonable amount of time after becoming aware of it; in South Africa the Protection of Personal Information Act (POPIA) doesn’t specify a time, but it is unlikely to be weeks, months or never.

Third, among the many trends the 2020 pandemic accelerated are organisations’ digital transformation journeys. Technology-driven innovation saved the day when we had to rapidly switch to working from home, while maintaining efficiency, effectiveness and productivity. This has had an existential impact across all business relations, including procurement, supply chain, workforce and the security of these relationships. Consider just one example: the rise in fraud in the supply chain, with criminals taking advantage of remote working plus anxiety and uncertainty around the pandemic to redirect payments.

Van Niekerk says business-driven security should be obvious for any right-thinking CEO heading a modern organisation. So, if you are determined to kick the cyber security ball out of IT and into the business, where do you start?

According to Van Niekerk, visibility and insight are key to finding out what needs protecting, remediating any gaps and then staying safe on an ongoing basis. It is critical that this visibility and insight are contextualised within the business, so that only the important incidents are flagged and you are not overwhelmed. Then, in case of a breach, this will give you the specific insight needed to comply with regulatory requirements, protect your reputation, and do the right thing for your customers and people.

Additionally, you need to think about cyber security as a journey and not a destination. This is not a “to do” that is ever going to get ticked off, or move down the priority rankings. You will be continuously assessing and adapting your cyber security approach and practices to create long-term, sustainable business-led security for your organisation.

Ben van Niekerk joined an expert panel at Altron Systems Integration’s Cyber in the City event to discuss business-led security and how companies can adapt to a changing security landscape. Find out more at cyberinthecity.co.za, and if you missed out on the event, watch the recording here https://youtu.be/lIKIWb9exqk.
