Building a culture of security is a far more powerful risk mitigation measure than relying solely on technical controls or compliance checklists. However, a security culture must be driven by leadership to be successful.
This is according to Rashika Ramlal, public sector country leader, South Africa at Amazon Web Services (AWS), who was speaking ahead of the upcoming ITWeb Security Summit.
Ramlal says: “The traditional approach of relying on specialised security teams and compliance frameworks is not enough to assure security. Security should be viewed as a critical job requirement for all, and not only the domain of the security team. The path forward lies in cultivating a culture of security - one where everyone in the organisation understands their role in keeping the enterprise safe and resilient.”
Security should be viewed as a critical job requirement for all, and not only the domain of the security team.
She notes that security should be connected to the organisation’s overarching mission objectives: “We all have a responsibility to our customers, shareholders, and other stakeholders to maintain the security of our systems, the integrity of critical systems, and the data we are entrusted with.”
Ramlal says: “Executives like the CFO, CMO, and COO should make it clear that security is essential for financial well-being, customer trust, and reliable operations. When making decisions about security, it's important to involve all key stakeholders to understand the full security posture and gain commitment to necessary security improvements. Security cannot be sustainable and pervasive if it is approached as a project, or managed by just one specialist division. Security cannot be an afterthought - it must be deeply integrated into the organisation's mission and objectives at all levels.”
She says that while complex attacks may require advanced cyber security strategies and tools, promoting simple yet effective security hygiene habits across the organisation is an extremely cost-efficient way to build a strong security foundation and protect against the most prevalent threats. “Establishing security norms, such as shredding sensitive documents, limiting user privileges, and immediately terminating accounts when employees leave, creates a culture of security awareness and responsibility,” she says.
Ramlal will deliver a keynote at the ITWeb Security Summit, focusing on a leadership perspective on ingraining a culture of security.
The ITWeb Security Summit 2024 will take place at the CapeTown Convention Centre on 27 and 28 May and the Sandton Convention Centre on 4 and 5 June. For more information and to register for this event, go to:
https://www.itweb.co.za/event/itweb-security-summit-2024/
Share