CyberCom | Digital Forensics Experts

Across South Africa, organisations are scrambling to digitise their services, taking advantage of ecommerce and migrating to the cloud. This has significantly increased their cybersecurity exposure to adversaries. According to PwC’s Digital Trust Insights 2023, the most common threat actors that South African businesses face are cyber criminals, hacktivists and competitors. According to the results, the three pathways adversaries most commonly use to breach local companies are social engineering, email and the exploitation of web applications. South African and African respondents also felt that third-party breaches and hack-and-leak operations had significantly increased.

An interesting element of the report, however, is South Africa’s view on who is responsible for reporting cybersecurity and privacy risks to the organisation. Globally, businesses believe this role falls to the chief information security officer (CISO), but in South Africa, the trend is that the CEO is ultimately responsible. This places cybersecurity at a board level.

However, while the serious nature of cyber risks is clearly recognised by c-suite executives, many CEOs and leadership teams have not previously been involved in the cyber side of business. At Cybercom, we regularly engage with leadership teams who are upskilling themselves in what they should be asking and reporting on from a cybersecurity perspective.

Effectively addressing cyber security risks calls for solid leadership, with the board collaborating with executive and technical teams to comprehend the organisation’s risk exposure. Fostering a company culture that values cyber security is vital, as is backing technical experts and IT departments in their endeavours and working with the right cyber security partners.

Here are nine questions that leadership teams should be asking within their organisations.

  1. What is the nature of the threats we face?

There should be a dedicated team tracking current cyberthreats. This is a rapidly evolving landscape. The right cybersecurity partner will be completely up-to-date with global trends and aware of any new and present threats.

  2. Are we aware of our threat landscape?

Recognising which systems are crucial to the primary business functions and their security positions is fundamental in managing cyber security risks. Furthermore, understanding the threat landscape in which your organisation operates is necessary to evaluate cyber security risks.

  3. How can we stay updated on the threat landscape?

It is essential to obtain accurate and timely information on cyber threats from reliable sources. Additionally, consult your organisation’s experts, such as the CISO, CSO, or CIO, and industry experts.

  4. Are we aware of the data we possess and its storage location?

Data is precious, and most cyber breaches are specifically trying to access it. Have you identified vital data whose confidentiality, integrity, and availability are crucial to your organisation’s operations? Consider not only the worth of individual data pieces but also the collective value of your data holdings, should, for example, your data be encrypted during a ransomware attack. Knowing where this data is stored within your organisation is critical to protecting it and responding to a cyber security incident.

  5. How can we safeguard our organisation and stakeholders?

Remember, you aren’t only protecting the company’s critical data and digital infrastructure but also the sensitive information of all stakeholders, such as clients and employees. You need robust, comprehensive, and forward-thinking solutions that will adapt to the evolving cybersecurity landscape, ensuring continuity of operations and trust in your organisation. This strategy should be clearly articulated and followed with measurable KPIs. The right cyber security partner could be instrumental in helping you put this together.

  6. Are we familiar with our regulatory obligations?

In South Africa, the Protection of Personal Information Act (POPIA) came into full effect in July 2021.

POPIA is a complex piece of legislation that has a simple premise: businesses and organisations hold a lot of data relating to their customers. They have a regulatory duty to protect that information, first to protect client privacy but also because of fraud and identity theft, all of which require hackers to access personal information.

  7. Do we understand the cyber security risks in our supply chain?

Does your organisation rely on key business partners, like software and hardware suppliers supporting critical operations or a third party with remote system access? Cyber security risks in your supply chain could impact your business. Engage with your CISO, CSO, or CIO to ensure these risks are identified and managed, regularly assess your third-party suppliers, and work with a cyber security partner and digital forensics experts to identify where your entire supply chain has vulnerabilities. This is particularly critical after a breach occurs.

  8. Do we understand our cyber security maturity level?

Understanding your business’s cyber security maturity means you can identify which areas need further investment. With digital transformation still taking place, hybrid working on the rise and a rapidly evolving threat landscape, staying on top of your cyber maturity is critical.

  9. How should we tackle a cyber security incident?

During a cyber security incident, decision-making often faces significant time constraints. As a result, you should be ready to make crucial decisions beyond your executives’ delegated authority, such as that of your CISO, CSO, or CIO. To prepare, consider discussing these questions with your board and executive team, and have a rapid response plan in place and a cyber security partner available 24/7. When an incident does happen, time is of the essence.

Elevate cybersecurity to board level

Ultimately, cybersecurity is now firmly within the realm of top leadership at all organisations. Our belief is that CEOs and c-suite executives should even have cybersecurity-related KPIs and metrics, ensuring that this remains a top priority.
