Cybersecurity gives even the most formidable IT leader sleepless nights, and during an intimate dinner, CIOs revealed that creating a secure environment and building a cybersecurity culture is at the top of their wish list as we head towards the festive season.
On 7 November, CIO South Africa wrapped up 2023 by connecting with Durban-based IT leaders through an intimate dinner at one of the country’s most desirable venues, award-winning five-star luxury boutique hotel, The Oyster Box in Umhlanga.
The timing was perfect as spirits were high, the Springboks had just had their World Cup victory tour run over the weekend, and the Durbanite CIOs were also very grateful to be hosted. “We’ve been waiting for something like this in our city,” one CIO commented.
It’s been a tough year, most guests agreed, but the tail-end of it was something to celebrate, just a month away from the festive season, and among the guests’ Christmas list wishes, was keeping the Springbok “Bokke” spirit going, as they put it. “If the Proteas follow suit and win the Cricket World Cup that would be my ideal Christmas present,” one IT leader said.
For other CIOs, spending time with the family, gift unwrapping and economic recovery were on their wish list.
As the guests had a taste of the hotel’s complimentary Asian gnocchi pre-starter, the “main course” of the night and topical discussion on cybersecurity kicked off. For one CIO, it was realising or rather driving the point that cybersecurity shouldn’t be an afterthought, but rather be considered upfront was one step in the right direction in managing security. He added, “Finding the right partners (vendors) will also help us as IT leaders sleep better at night, and play an important part in our digital transformation journeys.”
One guest revealed that their organisation had undergone a huge investment drive into cybersecurity most recently, an important step in being prepared and keeping the environment secure. Another guest added to the sentiments of investing, but highlighted that in as much as you invest in the right cybersecurity tools, you also have to invest in training and educating the organisation, and in defence strategies. “Keep it simple and make it relatable,” one guest said. They had taken the approach of comparing cybersecurity at work to home security.
Using the logic that, one wouldn’t leave their front door open at home, so why leave it open at work? And not taking the necessary precautions of not securing your passwords, blindly opening emails or clicking on links, essentially making it a hacker’s playing field. “This is where training comes in,” a CIO added. “You can run as many pen tests as you like, but you need to educate your people as well,” they said. “Because the human more often than not is your weakest link.”
Another CIO revealed a link between creating a “safe space” by sharing and keeping the environment secure. “We encourage the people in our business to share real-life stories of incidents, keeping quiet and that information to yourself simply because you were too embarrassed doesn’t do the business much good. In fact, how do we take the the necessary steps to ensure it doesn’t happen again if we didn’t know it happened in the first place?” he said.
What about the tools? Logic says it’s always better to cast your net wide to get better results by using Mimecast, a cloud-based email management tool for Microsoft Exchange and Microsoft Office 365, including security, archiving, and continuity services to protect business mail – a tool that CIOs speak highly of, and how it has helped them in their organisations. But prevention is always better than cure, so rather use a tool like “KnowBe4”, they recommended – an educational app that enables users to complete their security awareness and compliance training through their smartphones or tablets.
To sweeten the deal, one guest suggested that it’s also better to make cybersecurity fun and engaging, and most importantly relatable. “You’d get better results from your training initiatives if they were done through apps such as Whatsapp – something people use every day and naturally gravitate towards, especially the Gen Zs (create an internal app dedicated to cybersecurity training and awareness),” he proposed.
“Make it fun, another CIO added. “Gamification is one way: run competitions in the organisation to see which area in the business takes cybersecurity seriously the most, and are willing rub that in the faces of the rest of the organisation, and if you’re a global organisation, even better, compete with your counterparts overseas, and see which region is most secure,” he said.
At the end of the evening the guest concluded that cybersecurity is a team sport, and walking the journey together of scoring that all important one try is the best approach. Those who refuse to walk along should be called out or let go – it’s that serious. It needs a zero-tolerance or no compromise approach because being on the other side of an incident is devastating. “The consequences are far too great if people don’t take it seriously.”
Those in attendance were:
- Andrew Kennedy, Frey's Foods CIO
- David Maehler, Vector Logistics IT Executive
- Eugene Van Der Lingen, Africa Health Research Institute CIO
- Hamzah Assmal, Al Baraka Bank Chief Digital Officer
- Ilse Gravett, RCL Foods Digital and Information Director
- Kevin Scott, Tongaat Manager ERP and Related Systems
- Kim Sim, Mr Price CIO
- Kuben Naganna, Head of IT City Logistics
- Nomahlubi Sonjica, CIO South Africa Community Manager
- Prishendra Venketsamy, Grindrod Group Information Security Manager
- Reabetswe Rabaji, CIO South Africa Managing Editor
- Renier Basson, Aspen Pharmacare Group Executive: Digital Technology
- Ruban Naidoo, eThekwini Metropolitan IT Manager
- Servasen Moodley, Busamed Group Head of IT
- Simon Bradshaw, Mr Price IT Director
- Stephen Van Coller, EOH CEO
- Steven Hughes, EOH Regional Director: KZN
- Ziaad Suleman, EOH Chief Commercial Officer