ITWeb Brainstorm – Don’t fight the system

February 7, 2023

The last few years have seen businesses in every sector strive to digitise quickly and invest in cloud and other innovative technologies as a way to implement new business models to support the new way of working. This transition happened smoothly for the most part, due to the ICT industry being led by logical and technical people. However, while this has been integral to past success, what makes us great today is not necessarily what is needed to build the change agents the world needs for tomorrow.

So says Edison Mazibuko, Technical Director at CYBER1 Solutions. “In a major way, the new paradigm of “digitise or die” fuelled an opportunity for businesses to re-imagine how services are developed and operations are run. However, while companies are now comfortable with being agile and innovative, they still have to build cyber resilience to ensure that this digital world is properly secured. This is driving the need for a business model overhaul.”

Evolving roles

In addition, he says the role of security leaders is changing. “Organisations are expecting a lot more from us, which in turn, means we need to look at our businesses through a different lens. Today, we need to execute digital transformations, handle business restructures, mergers and acquisitions; adjust to economic swings and roundabouts; and integrate and revitalise cultures at a rapid pace to keep up with the needs of the business.”

For Mazibuko, creating this sustainable agility and driving social change will rely solely on bold, forward-looking, business-conscious leadership. “The megatrends we are seeing today are rendering business models obsolete at a rapid pace. This is seeing every business leader have to ask how they can create value, as well as evaluate how that value is improving the business and helping it achieve its strategic goals.”

A ‘systems thinking’ approach

To navigate this new landscape, make the right decisions, and achieve cyber resilience, Mazibuko says businesses need to connect the dots because resilience is based on several main pillars, namely financial management, reputation, relationships, a higher purpose, and experiences and expertise. “Focusing on these helps to develop systems thinking, and moves business leaders away from being purely logic-driven, and following a linear cause-and-effect way of thinking that is normally used to solve challenges.”

He says systems thinking is a holistic approach to analysis that focuses on the way that a system’s building blocks interrelate, and how systems work over time, and within the context of a larger system. In this way, no decisions that will make organisations resilient can happen in isolation of the megatrends that are dramatically affecting how they operate, he explains.

An era of megatrends

One such trend is convergence. “There is a lot of convergence happening in the market today. This is happening between many verticals and various domains, and we are seeing vendors merging with other vendors, blurring the lines. There are very few ‘pure play’ companies anymore – telcos are now doing what banks traditionally do, and vice versa, for example.”

The fight against inflation and accompanying high interest rates are other factors that will cause ripples throughout the industry. “This will affect how a lot of entities make decisions. While many have not yet felt its effects, it is already happening, and by the time it kicks in, those who were forward-thinking and prepared will be better placed for the future.

New tech, new risks

Security leaders also need to consider the risks that they might introduce into their environments through new technologies. Most organisations are already planning artificial intelligence, big data, blockchain, and machine learning projects. “These are already being implemented in big enterprises, and have seen the rise of the chief data officer, or CDO. Businesses are realising they can gain real insights from their data that will help them make better decisions, and again, this feeds into the need for a business model redesign,” he explains.

Unfortunately, while all this innovation is happening, too often, security is not, and instead of being built into solutions from the ground up, it is tacked on as an afterthought. “Traditionally, security has been seen as an inhibitor of innovation, and this needs to change. This is why security needs to form part of the innovation conversation from day one before any technology decisions are even made. This is the only way that security will finally be viewed as a business enabler instead of a blocker.”. Having security professionals who don’t just keep abreast with the latest threats and vulnerabilities. Keeping an eye on web 3.0, robotic process automation (RPA), blockchain, artificial intelligence, and big data technologies will be very beneficial.

A mindset overhaul

Today’s security leaders need to understand where the business is going, what its goals and objectives are, and what it will take to achieve them. They need to understand and mine their big data, they need to store it, and they need to secure it, and to do this quickly, they need to move into the cloud. They need to understand all technology investments, and not only how they can benefit the business, but the potential risks they can introduce too. All these points need to be connected. They cannot sit back and be reactive, waiting for the business to make technology decisions and responding to them. Good security people must be willing to expand their mindsets and think broadly, and out of their comfort zones. They must have a greater contribution to the organisation’s operating model.

Although technology is what invited the CISO to the table, it’s not what will keep them there, he ends. “If you’re not constantly expanding your knowledge and learning and the business side of things, including how to interact with other various business units, your seat won’t be open much longer. A ‘systems thinking’ approach is about understanding that, and about constantly having these megatrends at the top of mind, to help your organisation become truly cyber resilient.”