
Governance: The Secret Weapon to Cyber Maturity

Independent Technology Advisor, Peter Abela, discusses governance and the importance of aligning cybersecurity to business goals

Governance, Risk and Compliance (GRC) is one of the pillars of a robust cybersecurity plan. If you want to effectively align your cybersecurity strategy with the company’s goals, you must fully embrace GRC, along with risk management, program management, incident response and business continuity as critical parts of your plan.

In this article, we chatted with Peter Abela, Principal at Abela Consulting. Abela has a career spanning more than three decades in IT, most recently as CIO of an ASX100 international mining organisation. We asked him why the concept of governance is so misunderstood.

Abela thinks that governance is often associated with images of box-ticking, check-ups, and auditing, none of which are very pleasant activities. However, it is important to think of governance as a proactive planning and assurance process that involves establishing a holistic framework explicitly designed to ensure that all bases are covered.

“This includes processes to provide assurance that they are occurring as designed,” Abela says.

The Marriage of Cyber and Business Strategies

Trying to eliminate risk completely is impossible. A successful cybersecurity plan focuses on reducing risks to a minimum while allowing the business to operate and thrive.

The cyber strategy needs to be underpinned by a clear understanding of risk and risk appetite.

“This should be explicitly agreed at the most senior level of the organization, typically the board,” Abela says.

“Once the risk appetite is understood, a strategy can be developed to ensure that the cyber posture of the organization is appropriate and in line with the organisational requirements.

"Understanding this helps to prevent either underinvestment or overinvestment in cybersecurity."

Having recently worked in the mining industry, Abela explained that the sector faces different risks than consumer-facing businesses.

“Mining companies hold little in the way of personal financial or identification data, so they are not a target on this basis,” he says.

“However, they can be a target for so-called hacktivists, who are hackers motivated by activist principles. Therefore, strong ESG practices are imperative to ensure strong community and environmental standards.”

“Many mining operations are in remote areas of the world with varying approaches to the rule of law. Thus, in some scenarios, nation-state actors can also present a threat,” Abela says.

Holistic Approach to Cybersecurity

Many organisations implement point solutions to solve various problems within the cybersecurity domain, such as endpoint protection, firewalls, and patching. While these are all worthy initiatives, they alone will not provide the necessary protection.

“As someone who has led significant uplifts in cyber maturity as measured by independent reviewers, I have learned some of the more holistic thinking and practices that are required to ensure that a truly layered and in-depth approach is adopted to deliver successful cyber outcomes at a reasonable cost,” Abela says.

Reaping the Seeds of Success

Abela’s journey into technology started when he was in Year 12. He was successful in obtaining a cadetship with BHP which provided him with full-time employment while he studied at university.

“When I filled in the application form, we had to list our preferred disciplines in order of preference. I knew I didn’t want to do engineering, but it was a toss of the coin between IT and finance for my first preference," he says.

"I didn’t even know exactly what I’d be doing as an IT Cadet, so I was very close to being a bean-counter! I enjoyed writing a Test Cricket simulator in BASIC in the 1980s, which probably helped me select the IT path.

“Since that time, I’ve been fortunate to have a great career of more than three decades in IT, most recently as CIO of an ASX100 international mining organization and now as an independent technology advisor.

“I’ve had experience across all facets of the technology landscape and led the integration of numerous acquisitions, divestments, ERP and payroll implementations, digital solutions, and cyber improvement roadmaps. I’ve also had the opportunity to work across numerous sectors, including mining, financial services, logistics, manufacturing, and private equity."

We asked Abela to share his biggest success in 2023, both personally and professionally. For him, it was running his first marathon, the Sydney marathon.

“The day was unseasonably hot, with the temperature rising above 30 degrees Celsius. Despite hitting ‘the wall’ and having to dig deep to get through the last ten kilometres, the fantastic crowds lining the streets of Sydney helped me to get over the line,” he says.

“Professionally, my biggest success has been starting my own business, Abela Advisory.

“My purpose in doing so is to deliver trusted advice to help businesses maximize value from their technology investment and manage associated risks.

"I aim to provide access to an experienced, on-call CIO who can perform a health-check, help organizations protect themselves against evolving cyber-security threats via a pragmatic, risk-informed approach, and align technology with their business goals to ensure their IT infrastructure and services support their organization’s vision."


Peter Abela will be delivering a presentation at CISO Sydney 2024 and sharing his experiences on embracing governance as an enabler for cyber maturity, and how implementing a structured, risk-based management system helped optimise the organisation’s cybersecurity programs.

To find out more about his session at CISO Sydney 2024, check out the agenda and register to attend.