It’s not only about the technology

Simphiwe Mayisela, Chief Security Strategist at SS-Consulting

Cyber security is a business risk, and must be addressed as such. CISOs must understand their role and look beyond technology, argues Simphiwe Mayisela, Chief Security Strategist at SS-Consulting.

“The threat landscape is worsening all the time, and CISOs are on the back foot because too many of them look at the issue through the lens of technology rather than that of business risk,” he says. “Cyber security has become critical to long-term sustainability, and the CISO role has to mature in order to rise to the challenge.”

Mayisela believes a number of factors are standing in the way of CISOs playing the role they need to play in protecting their organisations against increasingly persistent and sophisticated attacks by well-organised cyber criminals.

A root cause of the immaturity of the CISO role is the fact that most CISOs come from a technology background, having been drawn to this area by a fascination with the combination of innovative technology and behavioural analysis.

However, in order to deliver value and command attention at exco and board level, they need to be able to communicate complex technological concepts to laypeople, and link the cyber security agenda to strategic business objectives.

A related problem is the shortage of enterprise security architects to design integrated solutions that address the business issues within the constraints of the budget.

“As a result, CISOs can end up buying technology solutions to address specific risks, without due consideration for how they will contribute to the organisation’s overall security posture—a cynic could argue that the cyber security industry is at risk of becoming simply a platform for buying commoditised products and does not yield true business value,” he says. “High spend does not translate into business confidence, and that’s a serious issue.”

Another problem is that it is difficult to demonstrate a clear return on the investment in cyber security, because the benefits are intangible or negative (such as improved customer or stakeholder trust, or the prevention of security breaches), and in any event cannot even be estimated until a certain amount of time has elapsed.

CISOs under pressure

As a result of a mistaken focus on technology and the lack of cyber security skills (a global phenomenon), CISOs can feel they are losing the battle against cyber criminals. Surveys show that CISOs are feeling the pressure, with 90% of them working 40-hour weeks with everything that entails in the way of poor health outcomes and impaired personal relationships.

“CISOs must take positive steps to correct their approach — this is the war of the wits where CISOs are losing the skills battle to the cybercriminals. CISOs need to ramp up their business and communication skills in order to understand the risks properly and to be able to communicate them effectively to senior executives and the board,” he says.

“As regards the skills shortage, the key is to develop a strategic partnership with a vendor-agnostic specialist consultancy that does have those skills and has the combination of business and technology insight that is needed. This also makes much more financial sense.

“CISOs have a critical role to play in helping organisations in both the public and private sectors develop and implement an effective security strategy, but to do that, they need to understand their role.”

All companies are unique in their own right; as such, we strive to acquire an in-depth understanding of our clients’ business objectives, goals and vision in order to ensure that our solutions not only support critical business initiatives, but are also an enabler of our clients’ business objectives.