Government agencies and policymakers must embed Information Security best practices from a more holistic approach that includes people, culture, and values to protect its sovereignty.
This is an exclusive interview conducted by the Editorial Team of CIO News with Oyedayo Otokiti, Chief Information Officer at Lagos Business School, Pan-Atlantic University.
About Oyedayo Otokiti:
Oyedayo Otokiti has a career spanning nearly two decades across industries in information security, IT service management, risk management, and digital transformation. He currently leads a team of professionals responsible for information technology strategy and implementation as the CIO at the prestigious Lagos Business School (LBS). Oyedayo holds a master’s degree in information and communication engineering and an EMBA.
What is your information security and risk management strategy? How do you govern information security and risk management?
Our strategy aims to get maximum benefit and value for organisational assets with adequate risk mitigation plans. It combines several more precise factors, starting with SOPs (standard operating procedures) and policies that indicate an acceptable use of information and how and when it can be shared, provided it is permitted. We combine this with authentic and strong leadership leveraging industry best practices, controls, and security policies within the enterprise with the understanding that people are subject to emotions and imperfections. All these are achieved with a wide range of tools that provide malware protection, incident management, and access control. We also monitor the adequacy and effectiveness of the controls through VAPT (vulnerability assessment and penetration testing), and internal and external audits.
What can organisations do to identify vulnerabilities in their information security programme?
Organisations with stagnant information security programs will always have vulnerabilities. The key is to adopt a continual security improvement approach that repeatedly tests or evaluates the security posture based on changes such as technological advancements, upgrades, and of course, human factors. To stay safe, we must develop a culture that trains and promotes information security best practices across our ranks. Humans remain the weakest link to our information security assets as they are vulnerable to emotions and cannot always remain alike.
How can risk management help identify, assess, and control financial, legal, strategic, and security risks to an organisation’s capital and earnings?
Practically, risk management achieves this objective by first identifying security threats like malware and ransomware, plus accidents, natural disasters, and other possible dangerous events that could affect the workforce negatively or hamper business operations.
Next is risk analysis, which involves establishing the probability of a threat event and the possible outcome of each of such events. Then all the identified risks are evaluated to determine each one’s magnitude before ranking them according to prominence and consequence.
At the final stage, risk management plans and develops methods and alternatives to mitigate threats to an organisation’s project objectives with close monitoring of the process.
How can the knowledge of information security in private establishments and organisations profit the public sector and help strengthen national security policies?
The valuation of future companies will depend on their capacity to effectively leverage their digital assets. National sovereignty in the future will be at risk if sensitive information and protection responsibilities are outsourced. The security of digital assets must be taken seriously and done with intention by senior executives in the public and private sectors. Endpoint protection agents can be weaponised under severe pressure from state agents or governments, so this is a concern that requires a proactive approach, as the cost of being reactivated after a compromise or breach can be too costly for corporations to bear.
Government agencies and policymakers must embed Information Security best practices from a more holistic approach that includes people, culture and values to protect its sovereignty. Technocrats must understand data privacy or information security-associated risk and take progressive steps.
What challenges have you faced in your career path as a technology leader? How did you overcome them?
First and foremost, choosing a specific aspect to specialise in is usually a big challenge, given the fact that each of the various areas of digital technology is interesting and dynamic. But everyone operating in the cyber security space must make that vital decision to make maximum impact in his career.
Another nagging issue is the reluctance or unwillingness of many business owners to welcome the technology that can help their organisation, both in the short and long run. Oftentimes, the major reason for such a negative disposition is the variable cost of adding the new technology to the existing ones.
To overcome the challenge, I had to communicate the need to adapt and change often to the concerned organisation, as that is the winning strategy to remain relevant among competitors.
Leveraging your years of experience and perspective, what challenges limit the effectiveness or penetration of digital technologies and your prescribed solutions?
Technology thrives behind competent people. The turnover of technology talents is now very high as new skill sets are required for today’s work that only a few possess. New skill sets become irrelevant after a few years and require constant learning to keep up with the changes.
Information Security: Information and cybersecurity continue to be a source of concern for business as there remains a great vacuum to be filled and a need to secure enterprise resources from cyber criminals as technology adoption grows. Unfortunately, not all information technologists learn how to do their jobs securely. We have software developers, administrators, architects, and many more who are good at their jobs but need more training on security requirements.
Data management and protection: There is a saying that “Customer is King”; I dare to say Data is King. Digital assets will be the basis for corporate valuations in the future. Consequently, the ability of corporations to harness and effectively use data assets will be the deciding factor for growth or profitability. Protecting data from unauthorised users and adequately analyzing the data set for future insights will be key to how successful a corporation becomes.
Adoption and Change management: With the rate of change and introduction of new tools, it takes a change-adverse organisation to sustain its use. Most older generations are tired of embracing change as it has become too rapid for them to cope with. They unintentionally start to resist these changes or slow them down. CIOs and CTOs must find a way to communicate changes and benefits to all stakeholders, emphasising the value it brings and the danger of ignoring the required change.
Digital education and Change mindset: Businesses that should have embraced change faster are now extinct. Business leaders must approach digital channels and technologies with an open mind by embracing the changes it brings. The changes technology brings with the inclusion of AI and machine learning ensure that organisations and corporations that ignore them might not survive the next decade.
What strategies and recommendations do you have for CIOs to address security challenges beyond 2023?
Simply put, start with the business. When offering security solutions, information security professionals need to go beyond the realm of technology and its infrastructure. It is crucial to possess a comprehensive understanding of the business, including an insightful awareness of its associated risks. This encompasses risks related to staff, customer data protection, and privacy concerns, as well as regulatory and compliance risks that can be addressed effectively with the help of technology.
Any best practices, industry trends, or advice you would like to suggest to fellow technology leaders for their successful professional journeys?
Technology, like life itself, is very dynamic; it’s constantly evolving. Hence, we must keep learning and be flexible. Embracing and adapting to emerging trends is a must. AI and machine learning are changing the game, and our ability to understand its use, particularly how it will be helpful to our organisations if leveraged timely, could be a deciding factor for the future of our organisations. So, in terms of advice, we need to keep learning. Again, every technology expert should know and note that there is no ‘one-strategy-fits-all’ situation. In other words, what fits in company A might not apply to company B, given the peculiarity of the industry where each operates, on the one hand, and considering the differences in both organisations’ goals and vision, on the other hand.