Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Blue Label Telecoms to change its name as restructuring gathers pace

      11 July 2025

      Get your ID delivered like pizza – home affairs’ latest digital shake-up

      11 July 2025

      EFF vows to stop Starlink from launching in South Africa

      11 July 2025

      Apple plans product blitz to reignite growth

      11 July 2025

      Nissan doubles down on South Africa despite plant uncertainty

      11 July 2025
    • World

      Grok 4 arrives with bold claims and fresh controversy

      10 July 2025

      Bitcoin pushes higher into record territory

      10 July 2025

      Cupertino vs Brussels: Apple challenges Big Tech crackdown

      7 July 2025

      Grammarly acquires e-mail start-up Superhuman

      1 July 2025

      Apple considers ditching its own AI in Siri overhaul

      1 July 2025
    • In-depth

      Siemens is battling Big Tech for AI supremacy in factories

      24 June 2025

      The algorithm will sing now: why musicians should be worried about AI

      20 June 2025

      Meta bets $72-billion on AI – and investors love it

      17 June 2025

      MultiChoice may unbundle SuperSport from DStv

      12 June 2025

      Grok promised bias-free chat. Then came the edits

      2 June 2025
    • TCS

      TCS+ | MVNX on the opportunities in South Africa’s booming MVNO market

      11 July 2025

      TCS | Connecting Saffas – Renier Lombard on The Lekker Network

      7 July 2025

      TechCentral Nexus S0E4: Takealot’s big Post Office jobs plan

      4 July 2025

      TCS | Tech, townships and tenacity: Spar’s plan to win with Spar2U

      3 July 2025

      TCS+ | First Distribution on the latest and greatest cloud technologies

      27 June 2025
    • Opinion

      In defence of equity alternatives for BEE

      30 June 2025

      E-commerce in ICT distribution: enabler or disruptor?

      30 June 2025

      South Africa pioneered drone laws a decade ago – now it must catch up

      17 June 2025

      AI and the future of ICT distribution

      16 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CambriLearn
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Company News » Don’t let security be the handbrake of innovation

    Don’t let security be the handbrake of innovation

    Promoted | A recent roundtable conversation, led by CYBER1 Solutions, unpacked the issues around innovation in the cybersecurity space.
    By CYBER1 Solutions17 November 2022
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp
    Delegates at a recent CYBER1 Solutions roundtable at the Saxon

    The nature of cybersecurity is undergoing rapid evolution. Cyberattacks are becoming more frequent and sophisticated.

    We’ve seen severe business outages in every sector. Whether you’re in finance, infrastructure or healthcare, If you’re making money, you can expect an attack. Cybersecurity teams continue scrambling to respond to these attacks as cybercriminals continually evolve their tools and techniques.

    The massive growth in technology adoption, with many businesses embracing digital transformation, has necessitated a vastly different approach to security. The need to be more innovative in cybersecurity is becoming increasingly necessary.

    With this context in mind, an illustrious group of industry leaders gathered at the Saxon in Johannesburg on 10 November for a roundtable discussion to discuss the issue. We highlight some of these perspectives in this article.

    On the shifting landscape of cybersecurity

    Threats continue to evolve. As businesses continue to adopt and move toward digital transformation, it requires a commensurate investment in cybersecurity. Cybercriminals continue to evolve their tools, leveraging new technologies faster than traditional businesses that need to justify their investment and spending.

    For example, attackers are using AI to create “deep fake” videos of company leaders sharing a story and sending it to businesses to trick employees into clicking on a malicious link.

    The channels of security threats also continue to evolve. Previously, threats were easier to manage as they came through e-mail and on a PC or laptop. With the introduction of mobile technologies, remote working, and different communication and social platforms, such as WhatsApp, Slack and Discord, it is becoming increasingly difficult to manage and manage and protect these channels. Hackers can now use emojis to run exploits.

    Given the shifting nature of security, it is increasingly important to create a culture of risk and security and utilise new technologies to augment security capabilities.

    On security skills

    Skills, or the lack thereof, is a massive challenge. Diversity, including gender diversity in cybersecurity, also remains a challenge. Companies are struggling to hire these skills and capabilities. Hiring practices are not adaptable enough. Businesses have stringent policies requiring X years of experience with master’s degrees and information security certifications. Without these, one is not even invited to the interview. Yet Uber was recently hacked, and the attacker was a 17/18-year-old affiliated with a hacking group called Lapsus$, whose members are mostly teenagers.

    Another challenge is that “red team” hackers often play in the “grey zone”. Red teams are simulated adversaries, attempting to identify and exploit potential weaknesses within the organisation’s cyber defences, identifying the attack path that breaches the organisation’s security defence through real-world attack techniques. For these attacks to be simulated as close to the real world as possible, they have to use sophisticated tools that real attackers would ordinarily use. This means that these individuals, while not malicious by nature, may be flagged by organisations’ integrity checks and completely overlooked by the hiring organisation.

    A rethink of how we hire, particularly in cybersecurity, will help improve innovation in the field. As an industry, we need to consider more innovative approaches to hiring. Adopting an approach of “trespassers will be recruited” may be a more effective way of hiring individuals to improve the overall security posture.

    On localisation

    Localisation remains important. As South Africans, we must embrace our differences and not rely on purely international companies to develop solutions for us. We have different languages and cultures to which we must tailor our security efforts. Making content locally relevant will improve overall adoption.

    This is also true of the rest of Africa. In these regions, digital and technology adoption is very different. There is a lower spend on security, the government more highly regulates cloud adoption, and regulation is not friendly towards technology. In these instances, we must constrain our thinking to innovate and effectively improve security in these environments.

    On third-party risk

    Third parties are challenging to manage, and yet, to improve innovation, we have to rely on a broader ecosystem strategy. Using third parties is necessary; however, as a business, the ultimate accountability for any data breach lies with the business as the custodian of the data. A breach brings disrepute to your company and not the third party’s.

    In some instances, third parties are not only technology third parties but general service providers, such as in the supply-chain space. If third parties are not managed more effectively, it may be the weak link that breaks the chain.

    Ideally, third parties should be treated like internal employees. However, taking responsibility for third-party security could mean increased licensing, cyber-assessment and training costs.

    On audit

    Moving away from an audit approach to a combined assurance approach has proved to be valuable where this has been successful.

    Audit cannot be a tick-box function that uses its findings as a stick against security. There needs to be mutual respect, with audit be seen as a partner, helping achieve the same goals.

    We must be careful that auditors do not set the security agenda. Money often chases the audit findings, yet auditors don’t take accountability when something goes wrong. It is crucial that we bring auditors along with us on the cyber journey and ensure that findings are relevant and add value.

    On the changing role of the CISO

    The role of the chief information security officer has fundamentally changed. A CISO today has to wear many hats. They not only manage risk, protect data and oversee the protection of critical infrastructure, but they need business and strategy skills to articulate the value and importance of information security. They need to lead large groups of very technical people, be people-orientated to create an inclusive culture of security, and be ethical beyond measure, as they hold the keys to the company data. They also need to be innovators, always looking for new ways to improve the security posture while balancing risk.

    On enabling innovation in business

    Innovation and security are often seen as water and oil. They don’t mix well. Getting it right is a tricky balancing act. In one instance, the security team looked at the code for the winning innovation apps in a major bank. While these apps were innovative, they lacked the basic security measures that needed to be implemented, especially when dealing with sensitive information.

    When innovating, it was suggested that this is the first date, and not a marriage. However, the challenge is that if a relationship is not built on solid foundations, the marriage may crumble. Finding the balance to bake in security from the onset is necessary to innovate and avoid any security technical debt.

    Dev teams must embrace a security mindset and security must play a bigger role in ensuring security is baked into the solution as it scales.

    There is no doubt that this is a tricky balancing act. Businesses must innovate to keep up to pace with disruptive entrants, and security cannot hold back this innovation. At the same time, we need to create a culture of DevSecOps, where security is considered early in the innovation process. This is especially difficult in businesses that have capacity and skill constraints.

    Building solutions that have strong security can be a competitive advantage and is more likely to be adopted than those technologies that aren’t secure.

    Capacitating your teams, embedding security in the business, and changing the culture are all needed to improve overall innovation capabilities.

    On ‘attack surface reduction’

    An attack surface is essentially the entire external-facing area of the business. As we digitise, cloud-up and connect, our attack surface is broadening, and so are our attack vectors and vulnerabilities. As security professionals, we need to understand our network, reduce these attack surfaces, and strive for a smaller blast radius. We should leverage new technologies such as machine-learning models and tools to help augment our security capabilities and improve our mean time to detect and respond so that the blast radius is minimised.

    In closing

    Cybersecurity is complex. There are a lot of moving parts. Changing our mindsets is incredibly important. The quality of the answer is dependent on the quality of the question. We need to start asking different and better questions, which often leads to better answers and ultimately improved security and innovation.

    To use the analogy of a car, the better the brakes, the faster we can drive. But let’s not make security the handbrake of innovation.

    About CYBER1 Solutions
    CYBER1 Solutions is a cybersecurity specialist operating in Southern Africa and East and West Africa, Dubai and Europe. We provide innovative, agile end-to-end security solutions to support our customers at every step along their security transformations.

    • This promoted content was paid for by the party concerned


    CYBER1 CYBER1 Solutions
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleGet the latest tech from Digital Generation at preferential leasing rates
    Next Article Leveraging technology to upskill health workers

    Related Posts

    SAPS cannot fight cybercrime on its own

    12 March 2025

    TCS+ | CYBER1 Solutions on choosing a managed security service provider

    15 October 2024

    SA security experts name identity as first line of defence against online threats

    13 August 2024
    Add A Comment

    Comments are closed.

    Company News

    $125-trillion traded: Binance redefines global finance in just eight years

    11 July 2025

    NEC XON welcomes HPE acquisition of Juniper Networks

    11 July 2025

    LTE Cat 1 vs Cat 1 bis – what’s the difference?

    11 July 2025
    Opinion

    In defence of equity alternatives for BEE

    30 June 2025

    E-commerce in ICT distribution: enabler or disruptor?

    30 June 2025

    South Africa pioneered drone laws a decade ago – now it must catch up

    17 June 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.