TIN’s CEO Chat series is designed to draw reflections from our TIN member company CEOs on best practice ideas and actions for tech sector success. The topic of discussion for our August CEO Chat focused on ‘Cybersecurity’; a theme inspired by Datacom CEO Greg Davidson’s comment that cyber threats for business are far bigger than what’s being acknowledged.
Participants in the virtual roundtable discussion included Darryl Grauman of AWS; Matthew Evetts of Datacom; Kimbal Riley of Vista Group; Bill Chatwin of DataTorque; Graham Grant of Seequent; and Stuart Wilson and Gaurav Doshi of Modica Group.
THE GROWING THREAT OF CYBERSECURITY
TIN Managing Director Greg Shanahan kicked off the discussion by asking participants why cybersecurity was so important, and whether they believed the threat was intensifying.
Matthew Evetts, director of cybersecurity at Datacom, is responsible for cybersecurity advisory services in NZ and managed security throughout Australasia. He says customer data shows that overall awareness of cybersecurity is growing exponentially, and that the threat of attacks is growing.
“The sophistication and volume of the attacks, along with the difficulty in addressing them, is definitely intensifying,” he said.
“The fall-out from cyber-attacks is huge. We’ve seen recent cases where the impact on human lives is very real – we’re here to help lessen those impacts and address the core issues.”
Bill Chatwin is the managing director of Wellington-based DataTorque, a technology company which develops revenue management systems for government organisations around the world.
“Managing the cybersecurity threat is a growing part of the landscape for DataTorque,” he said.
“We’ve got to balance making it easy for our customers, while at the same time keeping out the hackers. With the high-profile cases that have occurred both nationally and globally, there’s more focus on it now than ever before.”
Stuart Wilson, CEO and founder of enterprise messaging solutions provider Modica Group, says protectionism is very much part of the discussion these days. His company has been beefing up its cybersecurity personnel over the past 18 months, recently appointing Gaurav Doshi as its Head of Security with a remit to expand the team.
“Our digital economy will fail unless we put security first”Stuart Wilson, CEO and founder, Modica
“Our digital economy will fail unless we put security first,” he said.
Kimbal Riley is CEO of Vista Group which provides software and technology solutions for the global film industry. He believes cybersecurity is vital, but it requires work and tenacity.
“It’s certainly becoming an increasingly larger part of the business to protect ourselves and our businesses, but we have to keep working on it,” he says. “The regulations around personal data are becoming more complex and challenging to navigate, especially for a business like ours that operates in multiple jurisdictions.”
Graham Grant was appointed to the CEO role of mining software company Seequent three months ago, shortly after a US$1 billion takeover bid from US-based Bentley Systems. His previous experience in the financial services sector first exposed him to the issues of cybersecurity more than a decade ago.
“Ten to fifteen years ago, when I worked in fraud sanctions in the UK, we saw incredible levels of sophistication emerging, such as real-time attacks on online banking transactions.
“My observation at the time was that New Zealand was dodging a bullet, but it was only a matter of time before we caught up to the rest of the world.”
THE VALUE OF DATA
Much of the recent growth of the ICT companies that TIN tracks is based on the growth of cloud-based services. The security of these services is key.
“In the past, the mining industry has tended to be a laggard in digital transformation, but that’s now changing,” said Graham Grant. “Customers are now seeking assurance that the high-value data they have stored on our cloud is super secure. We’ve had to ramp up considerably in the past 18 months.”
This was a view echoed by Datacom’s Matthew Evetts. “So much of the value of a company is tied up in its data,” he said. “Protection of the value of the data is so core to the discussion right now.”
Modica Group’s Gaurav Doshi believes cybersecurity is fast being accepted as a tool to manage and optimise risk.
“The environment is changing - customers are becoming increasingly aware of the security obligations they have to external stakeholders. It’s becoming a standard very, very quickly – an expectation in addition to being a competitive advantage,” he said.
Given the nature of its business with a range of Independent Software Vendors, Amazon Web Services (AWS) has implemented risk mitigation measures as a way of ensuring partners have basic security policies and procedures in place.
“We’ve introduced a Foundation Technology Review which we conduct before we can open the doors to co-sell with a lot of our partners,” said Darryl Grauman, principle partner manager at AWS.
“We know that compliance comes at a cost. We also know that resources are thin, and our organisations want to keep developing and releasing products to their customers, so we’re helping with specialist resource to assist in the completion of the review, as well as remediation.”Darryl Grauman, Principle partner manager, AWS “Security is of utmost importance and it’s important that technical and operational security is continuously validated."
“We know that compliance comes at a cost. We also know that resources are thin, and our organisations want to keep developing and releasing products to their customers, so we’re helping with specialist resource to assist in the completion of the review, as well as remediation.”
Datacom’s Matthew Evetts added, “Getting those basics established goes a long way towards getting the data protection that’s required. We try to get a good sense of how well a company is doing the basics first before putting in place other assessment and security controls.”
FIRST AND LAST LINE OF DEFENCE
People are the first and last line of defence when it comes to cybersecurity, according to Modica Group’s Gaurav Doshi, and he says that client and employee education is key.
“Education is a key part of strengthening an organisation,” he said. “You want people to be aware of the things they should be looking out for and doing.
“In my experience, I’ve seen people becoming strong advocates for security once they’re able to personalise it, and once they’re able to see the value of security both at home and at work.”
In addition, there were untapped opportunities for companies to share experiences and best practice with other organisations, according to Seequent’s Graham Grant.
“There’s nothing competitive about it – everything’s additive. Those who have been through it should share their experiences with others. I don’t think best practice is widely shared at this stage, but I believe there are opportunities for collaboration.”
The complex question of data sovereignty was raised, and participants agreed it further compounded an already multi-layered environment, where technology had outpaced legislation.
Stuart Wilson believed that additional red tape and restrictions around security risks stifling innovation.
“It’s important to understand security but I don’t think there should be a technical or legal barrier to having a good idea,” he said. “Following correct security guidelines should still enable companies to be nimble and innovate.”
His colleague Gaurav Doshi added, “My ideal scenario would be if we could simplify the language and try to break down barriers so people can apply some basic principles in the way they operate, while at the same time understanding business risks. It’s important to have a holistic view of the business.”
Free TIN Report?
Trend Analysis. Research Tool. Prospecting List.
Become an official member of TIN and receive your copy of the Report at no added cost, plus discounts on exclusive events, opportunities to increase your company's profile, and connect with industry & government leaders.
Share this Post