How to Advance Cyber Governance Maturity: UniSuper’s Munashe Kandawasvika

UniSuper’s Security GRC Manager, Munashe Kandawasvika, shares the critical importance of adopting robust governance, risk and compliance programs to advance cybersecurity maturity.
With an IT career spanning over 22 years, Munashe has a strong background in network and systems engineering. He has worked in different industry sectors including government, education, mining and resources, rail, telecommunications, and financial services. He is passionate about protecting sensitive information and systems from cyber threats, and always strives to stay up to date with the latest developments in the field.
“What caught my interest in cybersecurity was nothing out of the ordinary per se. I always had a keen interest in computing and networking, and at the time it appeared that the focus was more on building and rolling out systems with little focus on cybersecurity,” Munashe says.
“One of my earlier roles was in the financial services sector where I was part of an IT team that looked after some Unix firewalls. I shadowed one of the senior engineers who was generous enough to show me the ropes and that started my journey. I went on to further my studies and completed my Masters in Cybersecurity, and other security certifications.”
Know the Enemy and Know Yourself
One certainty in cybersecurity is that complacency is the perfect ingredient for failure. It may appear cliché, but the rapidly evolving threat landscape is the biggest challenge facing cybersecurity executives worldwide. Cybercriminals are becoming increasingly sophisticated in their tactics, and organisations must be able to adapt quickly to new threats and vulnerabilities.
Munashe says it requires a strong governance framework, effective risk management processes, and a culture of compliance to ensure that security controls are in place and operating effectively.
“Additionally, the increasing complexity of regulatory requirements and the need for organisations to demonstrate compliance with multiple standards and frameworks adds to the challenge,” Munashe says.
“Security threats are constantly evolving, and it is imperative that I stay up to date with the latest trends and developments in order to effectively manage risks to the organisation.”
In addition to the challenges above, Munashe is also focusing on finding a balance between the need for security and the need to keep the business running smoothly. “This involves making difficult decisions about which risks to prioritize and how to allocate resources,” he says.
Communicating the importance of cybersecurity and compliance to a wide range of stakeholders at all levels of the organisation, from senior management to front-line employees, is also critical.
“Demonstrating impacts or communicating risks in a language that all stakeholders understand cannot be understated. I believe as cybersecurity professionals, it is incumbent on us to continuously develop this skill and understand the bottom line of our stakeholders,” Munashe says.
Shifting Cyber from Cost Centre to Business Enabler
Munashe works with his teams to align business strategy with cybersecurity strategy in several ways. Some of the strategies that he has been successful at include:
- Collaborating with business leaders to understand their goals and priorities and ensuring that cybersecurity initiatives support these objectives.
- Conducting regular security risk assessments to identify and prioritise cybersecurity risks that could impact the business and developing strategies to mitigate these risks.
- Developing and implementing cybersecurity policies, standards, frameworks, and procedures that are aligned with the business strategy and support the organisation's overall risk management approach.
- Communicating regularly with business leaders to keep them informed about the cybersecurity threat landscape and providing them with the information they need to make informed decisions about cybersecurity investments and risk management.
Another successful way Munashe is helping UniSuper to understand the value of cybersecurity is by demonstrating the potential financial impact of a cyber-attack.
“I do this by conducting risk assessments to identify potential threats and vulnerabilities, and then calculating the potential financial losses that could result from a successful attack. This could include the cost of lost productivity, lost revenue, legal fees, and damage to the organisation's reputation.”
“However, in recent years I am finding that communicating the value in which cybersecurity can be an enabler to the business and provide a competitive advantage has brought about balance to the conversation. Cybersecurity can help to build trust and confidence with customers by demonstrating that the organisation takes the protection of sensitive information seriously.”
“By implementing strong security measures and adhering to industry standards and regulations, organisations can show their customers that they are committed to protecting their data and privacy. This can help to build trust and confidence and can ultimately lead to stronger customer relationships and increased loyalty.”
“By presenting this information to business leaders, they can better understand the importance of investing in cybersecurity measures to protect the organisation,” Munashe says.
Munashe will be delivering a presentation on ways to advance cybersecurity maturity at CISO FSI Online ANZ 2024 on the 12th of September. He will share some invaluable insights for cybersecurity executives on how to leverage the increase in compliance requirements as a tool to advance the organisation's cybersecurity maturity.
Join him and you will take away some practical tips on how to approach this complex topic and learn to devise a roadmap on how you can implement some quick wins in your organisation.