Thought Leadership – “A CISO’s greatest challenge – How secure is my organisation?”

We live in a world of constant change. Covid-19 has accelerated mobility and digital transformation strategies in the short space of 18 months and has created a new way of working: working from home, or a hybrid of home and office, has become the new normal. These changes require that we look at security in new ways. The traditional approach of building a “digital fort” around the organisation no longer holds; organisations are left porous, with many gaping holes.

Daily, we hear of new and more advanced cyber-attacks, on meat processing plants, pipelines, transport and logistics, consulting companies, telco operators, and the list goes on. The latest SonicWall report shows that ransomware attacks have increased by 158% since 2019. South Africa is the second most ransomed country after the USA. According to the Ponemon Institute, the average cost of a data breach has risen over the past five years to a staggering $3.92m. Given the high costs associated with a data breach, many organisations fail to recover and go out of business.

Traditional cybersecurity is no longer sufficient to stop this ongoing barrage of cyber-attacks. We need a new, proactive approach. We believe this is best achieved by first developing your greatest asset, your people. By building a strong “human firewall” you address both your greatest asset and your greatest vulnerability.

The second step in a proactive approach is to address the CISO’s greatest challenge: understanding “How secure is my organisation?”. To address it, I believe that continuous assessment of security vulnerabilities is needed. Attack vectors are dynamic, and the old static, point-in-time vulnerability assessments cannot keep pace with continuously evolving threats. Organisations need advanced automated tools, with built-in AI, to assist in identifying security vulnerabilities. By continuously identifying holes in our infrastructure, prioritising the most urgent vulnerabilities and plugging those gaps, we move towards a more secure organisation.

By identifying security holes and gaps against the latest threat vectors and well-accepted frameworks such as MITRE ATT&CK, the CISO or CIO will have the answer to one of their most burning questions: “How secure is my organisation against a cyber-attack?”
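As an added example (not the author’s or iOCO’s tooling), the following Python sketches the prioritisation step described above: a handful of constructed scan findings are scored on CVSS, confirmed in-the-wild exploitation, internet exposure, asset criticality and how long they have been left open, then grouped by the MITRE ATT&CK technique an attacker would most likely use to exploit them. The scoring weights, the finding categories, the placeholder vulnerability IDs and the category-to-technique mapping are all assumptions chosen for illustration.

```python
"""Risk-based vulnerability prioritisation over constructed scan findings.

Added example, not the page author's or iOCO's tooling. The weights, the
finding-to-ATT&CK mapping and the sample data are assumptions for illustration.
"""
from dataclasses import dataclass

# Constructed mapping from finding class to the ATT&CK technique an attacker
# would most likely use to exploit it (assumption, not an official mapping).
ATTACK_TECHNIQUE = {
    "rce_public_service": "T1190",   # Exploit Public-Facing Application
    "weak_remote_access": "T1133",   # External Remote Services
    "default_credentials": "T1078",  # Valid Accounts
    "internal_service": "T1210",     # Exploitation of Remote Services
}

# Constructed set of vulnerability IDs with confirmed in-the-wild exploitation.
# Stands in for a feed such as CISA KEV; the IDs are placeholders.
KNOWN_EXPLOITED = {"VULN-0001", "VULN-0003"}

# Multiplier applied per asset criticality tier (assumption).
CRITICALITY_WEIGHT = {1: 0.8, 2: 1.0, 3: 1.3}
SLA_DAYS = 30  # findings open longer than this accrue a penalty


@dataclass
class Finding:
    vuln_id: str
    host: str
    category: str
    cvss: float               # CVSS base score, 0-10
    internet_exposed: bool
    asset_criticality: int    # 1 (low) .. 3 (crown jewel)
    days_open: int            # how long the scanner has kept reporting it


def priority_score(f: Finding) -> float:
    """Higher means fix sooner. Starts from CVSS, then adds context the
    base score does not carry: exploitation in the wild, exposure, and
    business criticality of the affected asset, plus an SLA-breach penalty."""
    score = f.cvss
    if f.vuln_id in KNOWN_EXPLOITED:
        score += 4.0            # attackers are already using it
    if f.internet_exposed:
        score += 2.0            # reachable without a foothold
    score *= CRITICALITY_WEIGHT[f.asset_criticality]
    if f.days_open > SLA_DAYS:
        score += 1.0            # continuous assessment: stale gaps climb the list
    return round(score, 2)


def prioritise(findings):
    """Return findings ordered most-urgent first."""
    return sorted(findings, key=priority_score, reverse=True)


def technique_coverage(findings):
    """Group open findings by the ATT&CK technique they enable, so the gap
    list can be read as 'which attacker techniques currently work here'."""
    coverage = {}
    for f in findings:
        technique = ATTACK_TECHNIQUE.get(f.category, "unmapped")
        coverage.setdefault(technique, []).append(f.vuln_id)
    return coverage


# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("VULN-0001", "web-01",   "rce_public_service",  9.8, True,  3, 5),
    Finding("VULN-0002", "vpn-01",   "weak_remote_access",  7.5, True,  2, 45),
    Finding("VULN-0003", "db-01",    "default_credentials", 8.8, False, 3, 60),
    Finding("VULN-0004", "print-01", "internal_service",    9.1, False, 1, 3),
]


if __name__ == "__main__":
    for f in prioritise(SAMPLE):
        print(f"{priority_score(f):6.2f}  {f.vuln_id}  {f.host:9}  cvss={f.cvss}")
    for technique, ids in technique_coverage(SAMPLE).items():
        print(f"{technique}: {', '.join(ids)}")
```

Note that VULN-0004, with the second-highest CVSS score, ends up last: it sits on a low-value internal host and is not known to be exploited, whereas the default-credential finding on the database climbs above it. That is the practical difference between a static scan report sorted by CVSS and a continuous, context-aware prioritisation.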

Sunjay Ramessur (CISSP), Principal Consultant, iOCO advisory


(ISC)² Gauteng Chapter