With advances in business technology and companies working virtually now more than ever, the need for preventative cyber strategies and suitable online defences for these businesses is on the rise.
With Brigid Nzekwu moderating, this roundtable debate features:
- Itumeleng Makgati, Group Information Security Executive, Standard Bank
- Jenny Mohanlall, Group CIO & CSO, Sturrock and Robson Group
- Mansi Thapar, Divisional Head Global Cyber Security, Apollo Tyres
- Manish Chandela, Group CISO, Unipart Group
- Mark Guntrip, Senior Director Cybersecurity Strategy, Menlo Security
With more of the population working remotely, there has been a rise in cyber-attacks, to an average rate of 270 attacks per company throughout 2021, as stated by Itumeleng Makgati. Thus, the focus on cybersecurity has become all the more relevant for businesses in 2022.
Detect and Respond
Mark Guntrip made the point that detect and respond software is more prevalent in businesses than preventative cyber strategy measures. He feels that malware is most likely to enter the network through browsers, which are being used now more than ever with the population having been cooped up indoors. In response, Mark believes that we need tools that stop viruses reaching the network so that there is less need for the detect and respond systems.
Apollo Tyres employs a 3-point system to protect itself, according to Mansi Thapar: ‘organisational readiness’ to face the threat of cyberattacks and have a plan in place; ‘internal hardening’ in the form of perimeter protection, preventative cyber strategies monitoring, and Beaming technology; and ‘automation’, where 20% of threats should be mitigated automatically without human interference. She acknowledged the ‘80-20 rule’, these values being the current ideal split between human and automation in cybersecurity.
“It’s important for an organisation to understand its threat surface before setting out your preventative cyber strategies,” said Manish Chandela. “Your controls have to be proportionate to the kind of threat your organisation is facing.”
Control and defence are both necessary for an effective cybersecurity system. Response strategies are in place because there is always a chance that prevention can fail, and a recovery plan needs to be ready when it does.
Itumeleng suggested that team exercises to understand how the virus moves and how it can be stopped would be beneficial, as teams need to perform a degree of upkeep to keep everything protected rather than laying all the work on the SOC analysts to fix the issues sent to them.
“Be more proactive than reactive when dealing with security,” said Jenny Mohanlall, who represented a smaller business at the roundtable.
Preventative Cyber Strategies Awareness
Jenny shared that upon her arrival at the company 3 years ago, there were no cybersecurity measures, as the assumption was that the organisation was too small to be attacked. Jenny worked with the boards to help mould a security infrastructure from scratch, implementing ‘awareness training’ to prevent attacks with the belief that behaviours need to be changed according to the possibility of threat as part of the 80-20 rule.
There was a consensus that ideally the balance of human to automation would shift to be a more equal split in the coming years, especially with the need for cybersecurity rising. However, for organisations using remote workers there are limited types of attacks that can be performed as opposed to those with employees working in a central location, as Manish explained.
When discussing the need for companies to allocate funds for security, Itumeleng stated that companies need to ‘protect where the crown jewels are.’ Cybersecurity needs to be in line with business priorities and strategies, and funded accordingly, rather than simply buying the most expensive or modern software and hoping for the best.
This roundtable was created in partnership with Menlo Security.