Championing a ‘security-first’ mindset

Itumeleng Makgati
Itumeleng Makgati

Having a plan in place that covers risk management, or the process of identifying potential risks, assessing their impact, and planning how to respond should the risks become reality, has become critical for every organisation, irrespective of their size or industry.

ITWeb Security Summit 2020
Register now for the ITWeb Security Summit 2020 virtual event, and experience four days of international keynotes, sessions and workshops all for one price. The event will feature over 50 speakers, with all content being made available on-demand online. To register, and for more information, please click here.

However, cyber security is still viewed as something the IT department needs to take care of instead of an enterprise risk, and IT continues to manage risk from a compliance perspective as opposed to a business one.

So says Itumeleng Makgati, group CISO at Sasol, who will present a case study on: ‘A board conversation on cyber security risk management’ at the ITWeb Security Summit, to be held from 25 to 28 August as a virtual event.

According to her, cyber security has gained increasing attention from the board in recent years.

Today, board members expect crisp accountability, knowledgeable and accurate forecasts, as well as information that is relevant in a strategic context. They also look to the CISO to put any changes into perspective, she explains.

However, the COVID-19 disruption has added new complexities to the board’s cyber risk concerns. In recent months, lockdowns aimed at curbing the spread of COVID-19 have seen the global workforce change significantly to work-from-home environments, a shift that poses new risks to both businesses and individuals alike.

“The conversation and the noise related to cyber security has been amplified,” she adds. There is a greater need to raise awareness around cyber security within the organisation, as attackers are capitalising on the panic and uncertainty, using any and all means to gain access to the personal information of both businesses and individuals.

Delegates attending her talk will gain an understanding around the communications between the board and the CISO, as well as how to help the board to ask the right questions. Finally, Makgati will discuss championing a ‘security-first’ mindset across the entire management team.