Kathy Gibson reports from Africa Tech Festival – As we move towards a digital-everything world, cybersecurity, cloud security, and cyber resilience are more important than ever.

Ayanda Peta, CISO at Africa Rainbow Minerals, points out that most organisations are unaware if they have been hacked. “And when you find out, how do you react?” he asks. “Are you resilient, and can you bounce back? Do you inspire confidence in stakeholders?”

The reality is that most organisations will be hacked at some stage, and they need to be prepared for that.

So this can’t be a technical conversation only, Peta says: it has to be a business conversation as well.

The first step involves technology and businesspeople jointly understanding what cyber resilience is by evolving cybersecurity paradigm skills and adopting a forward-thinking mindset.

They then need to make this practical through a five-step methodology for anticipating cyber resilience and building a cyber resilience-by-routing framework.

The final step is to figure out how they can measure the value of cyber resilience.

We have gone through waves of mindsets when it comes to cybersecurity, Peta says. And, for much of the last 40 years, the approach has been purely technical.

“But the new shift is to thinking about cybersecurity from the business point of view.”

The trend towards zero-trust security complements cyber resiliency, Peta adds. “A common mindset helps us to forge a united front against adversaries.”

Cyber resilience, which should be a business conversation, adopts a forward-thinking mindset in order to keep the business operational when something happens.

Peta explains that cyber resilience is the ability of an organisation to transcend any stresses, failures, hazards, and threats to its cyber resources such that the organisation can confidently pursue its mission, enable its culture, and maintain its desired way of working.

Cyber resilience prepares the business for the future, Peta says. It helps the organisation to withstand, anticipate, respond to, and recover from threats.

It should dovetail with a zero-trust stance that ensures systems always verify access requests, always grant least privilege, and always assume a cyber breach has taken place.

Peta advocates a five-step methodology for anticipating cyber resilience that observes the signs, looks for patterns, asks the right questions, does scenario planning, and tests plans.

This methodology starts with a broad view of the entire ecosystem and is narrowed down to the specific organisation’s risk profile and situation.

Thereafter, CISOs can ensure internal processes are in place – with business executives on board and supporting the strategy.

Peta issues a call to action to other CISOs: “As a community, we have not been able to effectively measure cyber resilience. What we need to do is make sure we are confident in our ability to help our organisations to withstand a cyberattack.”

In a move that may help them, the Cloud Security Alliance is forming a South African chapter that aims to help organisations understand and upskill talent.

The chapter will launch in the new year and is actively looking for members, sponsors, and partners.