The learning exercise from a data breach is "sadly" the most valuable experience for a chief information security officer (CISO).
So said Steve Jump, founder and director of Custodiet Advisory Services, speaking at the ITWeb Security Summit 2023, hosted in Sandton this week. He formed part of a C-level fireside chat on cyber security.
South Africa has witnessed a spike in cyber attacks in recent years, with the Information Regulator revealing in February that it has received over 500 notifications of data breaches or security compromises.
Some of these attacks have been on credit bureaus, healthcare and retail groups, several government departments, as well as highly organised DDoS attacks on South African banks. In March, systems integrator Dimension Data and its subsidiary Merchants confirmed a “limited” breach experienced on their call management system platform that exposed client data.
More recently, the Western Cape Provincial Parliament confirmed a cyber attack on its ICT systems, saying yesterday it fears a data leak of some or all of its data.
Additionally, Showmax issued a notice about a security incident affecting user credentials, saying its initial investigation showed some customers’ emails and passwords were compromised.
However, customer financial information remains secure, says the video streaming service's statement. “The affected data is no longer available online, and all impacted customers have been notified and advised to reset their passwords.”
Responding to a question from the audience on whether the Showmax CISO should keep their job in light of the cyber incident, Jump said: “If you're the Showmax management team and you have a CISO in a major breach, the experience your CISO is going to obtain over the next few weeks is going to make them such a hot commodity you'll want to make sure nobody actually poaches them from you.
“I’m not saying CISOs should get it wrong, but a CISO is part of a management team. The learning exercise from a breach sadly is the most valuable experience you can ever get.
“Think about that next time you feel like shooting your CISO – it may or may not have been their fault but you can't afford to throw them away.”
Helen Kruger, head of operations at Teraco Data Environments, added that cyber resilience is not only about prevention; it has many components.
“It's about both identification as well as recovery. You have to make sure you're ready for it and that you recover from it quickly.
“I guess the Showmax CISO will keep his job if he does that well and that should be the measurement, not the fact that they had a cyber event.”
Kevin Wilson, GM: group IT services at Stefanutti Stocks, agreed that the cyber event can’t be used as the only measurement. “There is a guarantee that you’re going to get hacked, it’s how well you respond to that. It’s not just the technical response, but how they are communicating to their public.”