Massive cyber security investments wasted due to governance fails
Despite massive investments in cyber security tools, organisations are still being breached – typically due to inadequate cyber security governance and poor communication between IT and business.
This is according to Tichaona Zororo, director of Digital Transformation & Innovation Advisory at Enterprise Governance of IT (EGIT), who will be a speaker at the upcoming ITWeb Security Summit.
Zororo, who until recently served as president of ISACA South Africa, points to the lack of proper cyber security reporting to the board as one of the major factors behind ongoing breaches.
“While organisations have invested millions into cyber security, we have to ask if the board of directors and senior management really have a good line of sight over cyber security. Do they understand exactly how many attacks are happening and how they are being mitigated; and are the reports being presented in such a way that even cyber-averse board members are able to consider and assess these reports, in order for them to provide effective and efficient oversight over cyber security?
“In most cases they are not even getting any cyber security reports, and if they do, the reports are insufficient and don’t deliver the proper business context to enable them to give the right direction. Therefore, organisations still get attacked despite heavy investments in cyber security,” Zororo says.
This challenge can be addressed through good cyber security governance and communication. He says cyber security should become a key agenda item at exco and board meetings.
“You also need to bring the right mix of technical and business skills into the organisation and set the right structures in place for reporting, to ensure that cyber security isn’t just about putting expensive tools in place, but that these tools are optimally utilised and that reporting is in specific business language easily understood by those with oversight over enterprise crown jewels.”
Zororo will address the 15th annual ITWeb Security Summit on the topic ‘Cyber security governance: Why is it Important?’. In this presentation for both business leaders and cyber security practitioners, he will outline why a holistic, enterprise-wide approach to cyber security has become a priority for boards and senior executives, the key components of cyber security governance, what an effective cyber security playbook looks like, how to measure return on cyber security investments, and the importance of proper asset classification and categorisation.
The ITWeb Security Summit, to be staged as a virtual event from 25 to 28 August, will feature the latest updates from over 50 international and local security experts in keynotes, tracks, panel discussions, workshops and interactive group sessions.