Clive Brindley, Senior Manager for Security Practice, Accenture Africa, explains how South Africa’s consumer goods and services can achieve cyber resilience.
“It is commonly understood that security – or specifically cybersecurity in the modern-day organisation – is everyone’s responsibility, but what does that mean?” contemplates Brindley, who states that security can and should be connected to the very fabric of the business.
However, in order to weave cybersecurity into corporate strategies, product design, budgeting and daily business activities, there may need to be a cultural shift within an organisation and its investments.
“Whether you are developing a new process around customer engagement, launching a new product, or creating new services, the security executive needs to be involved at every stage from vision to implementation. It is high time companies elevate the role of the security executive from an IT security leader to a trusted business enabler,” comments Brindley.
“In turn, security executives must embrace business conversations that identify security risks in a way that is easily digested by the business leaders who are responsible for making risk and funding-related decisions. The Consumer Goods and Services (CG&S) industry especially, demands this now more than ever,” he adds.
Driving security into the foundations of an organisation
In a recent Accenture study, the company explained that “after decades of mergers and acquisitions, many CG&S companies have been left with large, decentralised organisational models that emphasise individual businesses or brands.” As a result companies have become increasingly open to cyber risks due to inconsistent security maturity, with many not addressing new emerging threats across the value chain.
Traditional security priorities have focused on protecting IT services and assets such as e-mail, IT data centres, enterprise applications, and desktop environments. “However, the increased sophistication in cyber-attacks means that security executives need to now focus on infusing security mechanisms into the fabric of the organisation’s strategy. This way, CG&S organisations can build Cyber Resilience to operate effectively despite persistent threats, sophisticated attacks, and disruption,” says Brindley.
Ways to improve risk posture
1. Secure the journey to the cloud
Many CG&S companies are beginning to move applications, workloads, or whole data centres to third-party cloud providers.
“This transition offers an opportunity to re-examine the business infrastructure and operations to design security in at the heart of organisational strategy, building resilience.”
2. Build trust in direct-to-customer initiatives
CG&S companies have begun to create strategies to deepen their direct consumer relationships and harness data analytics to make informed business decisions. Artificial Intelligence (AI), analytics and machine-learning enable organisations to mine large consumer data sets to better engage customers, manage promotions and understand behaviours.
“This is also useful for security to pre-emptively account for the new risks and protection obligations that come with this or any new data set.”
3. Manage operational technology (OT) risk
Advances made in operational technology (OT) have enabled organisations to use devices and services for the remote management and monitoring in factories.
However, “security is rarely a priority in comparison to the daily running of the factory. As a result, in recent times security executives have been forced to turn their attention from the IT to the OT environment, which has a unique set of challenges including: a lack of security accountability, inconsistent security processes, inconsistent technical controls, and incomplete asset visibility.”