Cybersecurity – the top 5 considerations for CEO’s
Cybersecurity has been top-of-mind for every single IT department across the country in recent times. Over the past two years, the spate of cybercrime has surged, and many South African organisations have been left reeling in the aftermath.
The recent PWC Global Economic Crime and Fraud Survey says that over a quarter of South African respondents believe that cybercrime will be the most disruptive, impactful crime faced over the next two years, and that cyber-attacks have become so inescapable that it’s becoming more strategically important to identify the mechanisms used by cybercriminals than to measure occurrences and impact.
This is a bold statement, as it highlights that adopting a proactive approach to cybersecurity must be seen as a business priority, today. However, many organisations are so indelibly focused on their digital transformation strategies and disrupting the market that, despite its looming presence in the IT world, many executives and CEOs remain unaware of the steps necessary to protect their digital initiatives and underpin their success.
1. Are you building your digital strategy on an insecure foundation?
Cybersecurity is fundamental to any digital transformation strategy. Without a secure base on which to build and interlinked security measures deployed across every platform, digital transformation strategies will crumble under the barrage of attacks expected to lambast businesses as they deploy more technologies. The onset of a connected world may hark an era of uninterrupted, always-on and customer centric business, however it also provides myriad more ways for cyber-criminals to gain a foothold into business’s networks.
According to a recent survey conducted by Cisco, 69 percent of surveyed executives indicated that their organisations are reluctant to innovate in areas such as digital services because of the perceived cybersecurity risks. However, its increasingly apparent that businesses need to digitally transform to remain relevant and innovative. The traditional premise of IT, cybersecurity has evolved as an enabler of digital business growth, and should be a boardroom concern, addressed by every stakeholder and driven by business executives.
2. Your data isn’t where you think it is
As a CEO or business executive, can you say – with confidence and certainty – that you know exactly where all of your business data is, right now? Do you know who is looking after it or accessing it? Is it safe, or do you just think it is? These are all very important questions that every CEO and business executive needs to know the answer to. If you don’t, your data may be exposed to cybercrime.
Data perimeters have shifted, and the advent of cloud means that your business-critical data may reside across a number of locations, from your server on site, to various cloud locations, to an administrator’s USB drive or a salesperson’s mobile device. Shadow data, or data that employees access using unauthorised applications on their mobile device, or simply by taking work home with them on a flash drive, has become a critical area of concern that requires strict controls and awareness.
To protect your business, it’s imperative to take cognisance of the threats that exist so you have a better understanding of the complexities of securing a hybrid data environment. A business’ security controls must align with business processes, so that the movement, storage, accessing and dissemination of data remains secure, no matter what new technologies are introduced or which direction your digital transformation strategy takes.
3. Even the best security controls are ineffective without the skills to use them
It’s one thing to understand that you need cybersecurity controls and technology, but a completely different thing to have the right skills to keep pace with the changing cybercrime landscape and gain the optimal value from the controls and technologies your business employs.
Integrate Immigration lists IT security skills as a critical skills shortage in South Africa, promoting it as an area where immigrants are in demand to fill gaps. Unfortunately, the skills required to manage a cybersecurity environment surpass traditional IT or security skills. Whether you elect to outsource, or employ in-house cybersecurity skills, they need to incorporate a level of data science, an in-depth knowledge of the cyberthreat landscape, knowledge of the security tools needed across various platforms, and the controls needed to ensure they work.
It’s also becoming increasingly important to embrace social media and the dark web as valuable sources of information with which to build a threat profile for your business, and understand what skills you require to employ the next generation security tools that keep it secure.
4. Don’t treat security like a grudge purchase
As a CEO or business head, you understand that security is a necessary requirement, however you may not know what you need to spend on it or how to build a cybersecurity budget that works for your business’ needs. With cybercrime having affected more than thirty two percent of South African organisations over the past year, businesses can no longer afford to wait until they are affected themselves, before acting.
The impact of a security breach extends beyond data loss – it affects a business’ reputation, customer service delivery and bottom line. A robust cybersecurity strategy not only protects your business, it adds value to the customers who entrust you with their data.
It’s important to ensure your security budget is in line with the maturity level of your business as well as the maturity level expected by the industry you operate in. You need to work hand in hand with your cybersecurity provider and IT team to understand the threats that exist for your industry, and build a security strategy, complete with supporting technologies and controls, that will ensure your business is secure.
5. Would you do business with company that’s not secured?
This is a question your customers are asking of you.
We recently conducted a cybersecurity audit at a large dairy producer, who were astounded to discover how many shadow applications and unauthorized programmes were being used within their organization, outside of their security controls. The risk of threat posed by those applications and programmes, as well as the threat of data loss, was immensely high, and top-level executives – some of whom were using their own unauthorized applications – were unaware. More importantly, the people responsible for the business’ cybersecurity were unaware.
Doing a credit check on partners is something a business doesn’t think twice about, yet we don’t concern ourselves with checking if our partners are secure, and if they are keeping our data safe. By doing a security check on your own business, establishing the weakness and addressing them, you can show your customers, partners and the world at large, that you take security seriously, and that you demonstrate accountability and responsibility for the data that resides with you.
Cybersecurity is a differentiator, and not just something you do on the back end. Customers want to engage with businesses they trust and who take their data seriously.
Paul Jolliffe, Lead DSM: Security at T-Systems South Africa
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”