Cybersecurity Summit: Dealing with the human factor


At the CIO South Africa Cybersecurity Summit, industry leaders gathered to discuss crucial strategies against cyber threats and the best ways to protect the organisation's most valuable assets. Winning the great cyber war, CIOs say, requires a strong army – your people.

On 20 February, South Africa’s most formidable IT minds gathered at 39 Melrose Boulevard in trendy Melrose Arch, for an insightful and informative discussion on what gives most IT leaders sleepless nights: cybersecurity.

CIO South Africa community manager Nomahlubi Sonjica kicked off proceedings by welcoming South Africa’s leading IT minds.

In keeping with the cyber theme, attendees went digital, with programmes and summit booklets available for download via a QR code.

The first session was a Q&A with Sasfin group CIO and 2023 CIO IT Project of the Year Award and Digital Innovation Award recipient Josh Souchon, who shared insights on cybersecurity – lessons learned, and how leaders should navigate challenges, while shaping the future.

"The most important thing,” he said, “is making cybersecurity a business and people strategy, and making the board own cybersecurity. It needs to be a holistic approach. Your people are your first line of defence, so bring them along the journey.”

Josh went on to say that the key in cybersecurity is having the tools and monitoring in place as well as collaboration: learning from other people, sharing ideas with people in the industry, and asking the right questions.

According to Josh, Sasfin takes a top-down approach to cybersecurity, from a group level and all the way into support areas and IT. In this approach, the CEO sets the cyberstrategy tone, then the head of audit, followed by the IT team, and all of these efforts are to protect “the crown jewels”, as he puts it.

All hands on deck

Much like the swift response needed during a cyberattack, Nomahlubi wasted no time and jumped straight into another informative dialogue. A panel discussion interrogating the nucleus of where most attacks begin – the human factor, and how guests should take effective, yet decisive action when the inevitable happens.

Panellist Dr Sylvia Sathekge, CIO at SNG Grant Thornton, whose PhD thesis focused on cybersecurity and cyber-safety, said cybersecurity should be everyone’s concern.

She cited the shocking statistic: that the cost of cybercrime each year is in excess of R40 million. She also emphasised the need for greater regulation when it comes to cybersecurity, and a commitment at board level.

“The people you hire must have a safety mindset from the onset,” she said. “It also helps to bring leadership along the journey, and it can’t just be about the tech, but it also has to be about the people – it's a shared responsibility.”

Sylvia added that cyberculture is a moving target, “you don’t just start and then stop.”

Sylvia was in good company, joined by her esteemed colleagues and fellow panellists, Tshilidzi Mafenya, IT manager at Siyanda Bakgatla Platinum Mine, and Mary-Lyn Raath, head of Digital South Africa at iOCO.

Are we losing the war?

The back-to-back informative sessions were enough to build up guests' appetite. It was an appropriate time in the evening for attendees to become more acquainted with one another, over some delicious canapes and refreshments.

This was followed by the great group brainstorm that unveiled even more tips and tricks to fight back against cybercrime.

Kevin Wilson, GM for group IT services at Stefanutti Stocks, had the room thinking almost immediately when he said. “As I sit among my combatants, there’s a feeling I just can’t shake off: I feel like we’re losing the war because the costs just keep doubling every year. So my question is, are we really winning the war?”

One attendee shared Kevin’s sentiments, saying that attacks have become very sophisticated over the years, “as such, you never feel like you’re winning the war, but rather sometimes feel like you’re falling a bit behind, and this tells us that as technologist, we need to think about tech coupled with the people."

Toni Serra, CIO at AECI, noted, “Almost every attack is linked to an individual, and the main objective is to protect your crown jewels."

While CIO at the Council for Medical Schemes and 2023 Young CIO of the Year Award recipient Dr Denisha Jairam-Owthar, threw two important questions in the ring: Who can interrogate the CIOs? and Why have the CEOs not updated their policies and introduced a retainer for cyber, which will allow the organisation to get the necessary skills? Denisha added that she would be open to being interrogated herself.

As the evening drew to a close, it was time for the guests to reflect on the learnings from the summit – and spend time catching up with their fellow IT leaders.

Related articles