
Cyber security isn’t an IT or business problem, it’s an “us” problem

By Joanne Carew

Johannesburg, 08 Jun 2022
Wayne Olsen.

Cyber security and cyber crime are affecting every aspect of our lives. The issue has evolved from being an IT problem to being a business problem, and now it is an ‘us’ problem.

Giving a keynote address at the Cape Town leg of ITWeb’s Security Summit, Wayne Olsen, managing executive for Cyber Security at BCX, noted that society’s mass move to digital is exciting but it introduces a whole new world of risks because our digital transformation is often being done with cyber security as an afterthought.

When the pandemic hit, we literally had to take our entire business operations online and do everything in very different ways, he continued. But many did so in a rush and didn’t think about the cyber security implications of their digital transformation.

Transformation without security

“As we make this massive leap towards digitisation, we have become more and more susceptible to cyber attacks,” he said, noting that cyber criminals picked up on this, cleverly tapping into popular culture and human emotion to gain illicit access.

“According to a Forbes survey, there will be around 27 billion devices connected to the Internet of things by 2025. That is 27 billion ways for us to enhance our economy, 27 billion ways for us to have a better social life but also 27 billion additional ways for attackers to get to us,” he explained.

For Olsen, all of this has caused the chief information and security officer (CISO) role to rise in importance. “The CISO has been invited to the ‘big boy table’ for the first time and they now need to explain to the board that as we make this journey to a more digitised world, we have to make sure that we do so with security in mind.”

It’s the CISO’s responsibility to explain the risks to business in layman’s terms, without holding back on the bad news or sugar coating anything, so that the business understands exactly what is out there. The goal here is cyber awareness, he stressed.

South Africa under fire

A look at the numbers paints a worrying picture. SA had the third highest number of cyber crime victims in the world in 2021. This costs us around R2.2 billion annually. And looking at the issue more broadly, it is forecast that cyber crime will cost us around $10.5 trillion come 2025.

“This is not an IT problem and it’s not just a business problem, it’s a social problem affecting all of us every single day,” he said.

“Cyber security absolutely needs to be baked into the fabric of everything we do and every product or service we offer. When we’re making a decision to migrate something to the cloud or to launch a new service, cyber security needs to be the starting point of that discussion and not the last point of that discussion. If it’s not considered upfront, you’re going to have a bad experience.”

Chatting to ITWeb on the sidelines of the event, Olsen noted that security has always been viewed as a grudge purchase, going so far as to suggest that the creation of the CISO role was a grudge decision for many businesses. “But with many large attacks making news headlines, executives are realising that they need to be informed about what is out there.”

Everyone is a target

CISOs need to make sure that business understands that everyone is a target. Once cyber criminals gain access to your business, they will snoop around and sneak small bits of data out of the business without anyone noticing until they find something of value.

With this in mind, he strongly advises that businesses spend time understanding their attack surface and where their assets lie. This is important because you can’t protect what you don’t know you have, he said.

“It’s about going back to basics. Closely looking at each aspect of the business and incorporating security protocols into everything from the ground up,” he concludes.

“Over the years, business has done this and IT has done that and the gap in the middle is where the problems lie. When we go back to basics and identify where these gaps lie, only then can we start bringing in the necessary tool sets to keep the business safe.”
