FEATURE
Anna Collard, MD at KnowBe4 Africa
Collard says she had the pleasure of
speaking to Hosea, CISO at Stanbic
Uganda, during a panel discussion
at the Africa Cyber Security Culture
conference. According to Hosea,
the pandemic has helped leapfrog
security investments that would have
taken much longer to get management
approval for prior to COVID-19. Many of
the speakers and panellists shared this
view – that the pandemic had a positive
impact on both Digital Transformation
and cybersecurity investment.
“A common thread throughout the
conference and the result of research
conducted by Orange Cyber Defense
was that basic security failures such as
poor patching, as well as not addressing
people’s behaviour, are some of the root
causes most often linked to security
breaches,” said Collard. “People right
now are more vulnerable, as they are in a
state of heightened psychological stress.
Security teams have less control over the
systems they are supposed to protect, for
example, personal devices and home Wi-
Fi routers. Many had to rush into setting
up remote work infrastructure without the
necessary planning and testing. Security
budgets had to be re-prioritised to
improve the technologies and processes
of their remote working infrastructures
and to make these stable and secure for
the long run.
“With budgets under greater pressure,
CISOs need to construct resilient and
data-driven cybersecurity programmes
based on a deeper understanding of the
risks their organisations are exposed to.
“According to ESI ThoughtLab’s report
published in June 2020, successful
CISOs and effective cybersecurity
leaders rely heavily on advanced
analytics, conduct frequent cyberrisk
scenario analysis, invest more
in security culture and end-user
awareness training coupled with
frequent phishing simulations, and
make cybersecurity hygiene, such as
patching, a top priority.”
Alain Sanchez, EMEA CISO, Senior
Evangelist at Fortinet, says that even
the most far-sighted of business
leaders did not see the current remote
working setup coming. “No contingency
plan that I know of had forecasted
that almost the entire workforce was
grounded in just a couple of days.
Even Telcos whose transport practices
earned them the terminology of carriergrade,
were initially taken by surprise.
Investments are
going massively
to platforms that
make openness and
standardisation a
core value.
But very rapidly, the importance of
securing these traffics that were
literally business critical, emerged as
the immediate priority. Security could
not be traded for connectivity and the
irresponsible hackers that squeezed
themselves into video conferences that
did not implement the full authentication
options, did in fact do the digital world
a favour by accelerating a security
wake-up call.”
The current situation urged emergency
investment steps and Fortinet, for
instance, saw its SD-WAN revenues
growing significantly.
“Already recognised by the Omdia report
as the fastest growing vendor among
all other SD-WAN vendors, Fortinet
reported 305% year-over-year growth
in the SD-WAN area,” said Sanchez.
“This massive adoption of the holistic
approach of cybersecurity incarnated by
the Fortinet Security Fabric, says a lot
about the maturity leap created by the
recent crisis.” Sanchez says the times
of disjointed and budget-consuming
‘best-of-breed’ are over and poses the
question of whether the huge demand
for broader, integrated and automated
cybersecurity platforms is an indication
of IT budget expansion.
“Too many products lead to too many
alerts which puts a tremendous amount
of stress on the cybersecurity staff.
Investments are thus shifting towards
solutions that not only enable visibility,
reporting and analytics for all ‘on
platform’ devices and endpoints, but
also enable multi-vendor incident
detection to finally lead to unified
orchestration of the response across
the entire infrastructure.
“Business leaders hate to be
locked in, so they rather invest in
open, standardised solutions that
offer a wide range of documented
APIs and connectors not only to
ensure seamless integration, but also
to maintain the freedom of choice
of strategic vendors such as cloud
providers and Managed Security
Service Providers. The same is
happening in the cybersecurity world,
investments are going massively
to platforms that make openness
and standardisation a core value,”
said Sanchez. u
Alain Sanchez, EMEA CISO, Senior
Evangelist at Fortinet
50 Issue 28 | www.intelligentciso.com