Written by Corinium on Nov 19, 2019
An important part of the solution is to invest in digital and cyber security skills development, particularly in Africa. Absa is addressing skills shortages in the area of financial services security through several initiatives, including the the Absa Cybersecurity Academy, launched a partnership with the Maharishi Institute in March 2019. The academy provides accredited cyber security training and financial support, among other things, for students.
At Absa, we take a pragmatic approach to security, bringing together the physical and digital aspects of security in a single converged security office in order to better analyse, prepare for, and deal with the threat landscape.
Building relationships with other executives is important, also to understand their risk appetite. Once this is clear, it is easier to align security-portfolio priorities accordingly and glean the necessary support.
Dual accountability is critical as, ultimately, we’re talking about one share price, one brand. Effective collaboration requires each executive to understand the challenges of the other in order to execute effectively on the company’s strategy and goals.
The conversation is all about security. It is important to have an honest conversation with the board and to be transparent, so as to allow and enable board members to appreciate the size and scope of the challenge in securing the organisation. This opens the way to garnering the required support, including budget.
Technical concepts must be conveyed and contextualised effectively, so that their relevance in supporting the business to deliver against its strategy is clear.
The main day to day challenge would be protecting what you don’t know. A big challenge is making sure your data is accurate. If I have five assets and I only know about four of them, I can only protect the four assets; I can’t protect the fifth. So it’s about trying to understand what’s in the macro environment so that you can ensure the data of your customers and the organisation is kept safe and so that, reputationally, the organisation is not impacted in any way or form from a breach perspective.
It definitely features right at the top of the list of strategic priorities, simply because, from a security culture perspective, if everybody did what they needed to do, it would make the role of protecting the organisation so much better. You have to make security awareness programmes current and relevant to employees. We talk about how to protect your wifi at home, how to protect your kids from cyber bullying, why you need to change your password for all your multiple accounts whether its social media or online banking. When you start making security relevant to employees and personal to them; then you start to see the shift from a security culture perspective.
In My View…
My Masters in Information Security as I did that quite late in my adult life; that was achieved in 2013 to 2015 whilst travelling to over 50 countries and raising a young family with my wife – we’d just had a baby in 2013; and trying to juggle work, study and family time – that’s what I’m most proud of.
In conjunction with a few people at Absa; that would probably be the Absa cyber security academy, which aims to take impoverished and marginalised youth out of abject poverty and giving them a hot skill in cyber security, ultimately giving them a job at the end of the programme.
People who work in any organisation are typically trusted, as they should be. They automatically have access to systems that external threats do not have access to. They already have administrator rights to databases and systems, so it is easier for them to circumvent the controls that we have in place versus an external threat.