Intelligent CIO Africa Issue 21 - Page 42

FEATURE: ////////////////////////////////////////////////////////////////////////// and targeted attacks, on the other hand, are more complex. CIO’s need to invest in advanced tools and expertise, but more importantly this step necessitates time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat and respond. The CIO should also put specific policies in place to ensure that the response is effective and that the threat is dealt with entirely • Prediction: The prediction of future attacks, and understanding the attack surface, defines the long-term strategic defense capabilities of a CIO – and is becoming as essential part of an effective security strategy, given the advanced threat landscape businesses are dealing with. Gerhard Pretorius, the Chief Technology Officer at Wyzetalk individuals at the company involved and can have a life-changing experience for both its customers and employees. “While the direct line of data security may lie with the Chief Security Officer, because the CIO understands the complexities and specifics of the IT infrastructure, the data that is being gathered and the access protocols, and has a direct line to the business and CEO, they are in a prime position to take control or consult on the security requirements of the business and as a result, are often responsible for security overall.” Badenhorst adds that CIOs need to examine a strategy that takes the following into account: • Threat prevention: This is mostly covered by technology and most businesses know that they need to block generic threats that are emerging daily – and have this covered through a comprehensive IT security solution • Detection and response: Sophisticated “To mitigate future threats related to the security of data, CIOs need to shift their mindsets around security,” said Badenhorst. “It’s no longer just an IT issue, it’s a business one and as their role increasingly means bridging IT into the boardroom, it also means that they need to look at regular security assessments, training employees on general security hygiene, and the analysis of current and future attack methods to ensure that they can provide the council that businesses of today are seeking.” Gerhard Pretorius, the Chief Technology Officer at Wyzetalk, believes the traditional role of the CIO has evolved into one that combines technical insights with practical know-how to deliver business value in real-time. And fundamental to this is the importance of communication inside the organisation. “In the connected environment, employees have access to information not only from inside the business but also externally in their personal capacities,” said Pretorius. “All these data sources combine to change their expectations on internal service delivery. “For example, an employee used to contact the HR department to request information about a pay slip, leave or a bonus and it might CIOS NEED TO TAKE THE INITIATIVE AND SHOWCASE THE STRATEGIC VALUE THEY BRING TO THE BUSINESS. 42 INTELLIGENTCIO take a few days for the team to respond. Today, the speed of interaction between the information available and the employee has changed dramatically. Now, it is all about providing feedback at a much faster rate. Internal mobile apps and enhanced intranets deliver richer functionality that empower staff to be better informed than ever. “With information being readily available, CIOs need to manage internal expectations as much as external ones when it comes to dealing with important queries. Staff expect feedback instantly and the solutions need to be in place that can facilitate this. “Of course, with the n ature of information storage changing, CIOs need to be more acutely aware of the risks associated with keeping data safe. What used to be locked up inside a server or document room is now typically stored in a cloud environment. Cybersecurity therefore becomes a key part of the CIO journey into the digital landscape. And with this, comes a growing realisation of the compliance requirements associated with data management, whether that is from an employee or a customer. “This real-time environment is also resulting in an increasing reliance on mobile devices to keep employees informed. The risk with this is that many employees rely on their personal phones and tablets to manage their professional and personal lives. “Beyond the typical security measures that must be taken in this BYOD (bring your own device) environment, employee education must be a priority. People use their own devices to instant message friends and family. They also use these consumer-focused solutions to engage with clients, do their banking and share sensitive information. The CIO must therefore develop new service channels to address this and see less of a reliance on legacy applications.” CIOs in a digital environment therefore need to understand not only the technology innovation taking place but be able to practically apply it to the organisational strategy especially in terms of employee awareness. This requires a more agile mindset and willingness to adapt to digital times. The CIOs who are best able to deal with that, will be the ones that help drive business success. n