Human-centric strategies boost cyber security

Johannesburg, 06 Jun 2024
Rashika Ramlal, Public Sector Country Leader, South Africa at Amazon Web Services (AWS).
Rashika Ramlal, Public Sector Country Leader, South Africa at Amazon Web Services (AWS).

Addressing the weakest link in cyber security cannot be approached as a project or work stream. Instead, it requires an ongoing and strategic programme to embed security culture throughout the organisation.

This is according to Rashika Ramlal, Public Sector Country Leader, South Africa at Amazon Web Services (AWS), who was addressing the ITWeb Security Summit in Sandton this week.

Ramlal noted that South African organisations were under attack, with hundreds of breaches reported in the media in recent months, and over 40% of companies paying the ransoms to access their data. Humans are generally the biggest risk factor in these attacks, she said.

Ramlal emphasised the importance of a strong security culture within organisations, pointing to the AWS approach as a good example of how to achieve this. At AWS, security is built into the organisational structure and seen as a core function of the business. As such, it is seen as everyone’s responsibility.

Ramlal said: "Our model embeds security culture throughout the organisation, with policies and procedures reinforced by ongoing training, campaigns with posters and signage to remind employees of the risks, and security ambassadors or security guardians to champion security best practice.

"A megatrend we see is the move towards human-centric programme design. Technology is predictable, but humans are not," she said.

Ramlal underlined the importance of instilling a sense of psychological safety across the organisation, in which staff feel they can communicate freely, and the CISO and IT security create safe spaces and can de-escalate and limit fear and panic during incidents. "Security is enhanced when you build an escalation friendly environment, where employees are thanked for raising alerts and escalating security concerns. This approach removes fear and builds positive reinforcement," she said.

Ramal said AWS’s own Security Guardians programme was a good example of how appointing security champions improves security across the organisation. Amid a worldwide security skills shortage, AWS scales out the security function with Security Guardians, she said. These are not security professionals, but rather security-minded individuals in the product development teams. They make sure that security considerations for a product are made earlier and more often, helping their peers build and ship their product faster. The programme has resulted in 22.5% fewer medium and high severity security findings generated during the security review process, and has reduced time taken to review a new service or feature by about 26.9%.

Ramlal noted that AWS supports cyber security for customers, with the most secure infrastructure, 143 security and compliance certifications, over 300 security services and features, and thousands of security solutions on the AWS marketplace.

Among many others, Interpol, the CIA and the FBI are on AWS. We also meet South African State Security Agency requirements to house South Africa data, making AWS the best provider of cloud, GenAI and security solutions for any customer, large corporates, enterprises and public sector.