The Importance of Adopting Globally Recognized Information System Management Frameworks

Nigel Hedges, Group Head of Cybersecurity, Kmart and Target
content-image

Nigel Hedges, Group Head of Cybersecurity, Kmart and Target

For Nigel Hedges, Group Head of Cybersecurity at Kmart and Target, his key responsibility is to protect the data and security of Kmart Group, millions of customers and thousands of team members and to ensure that Kmart is responsible custodians of the data we keep. He works closely with other operational and strategy setting teams across many disciplines within technology and the business.

On a day to day basis, this can range from attending project meetings that require some form of priority attention, or operational meetings. More and more, Hedges is spending time on strategic initiatives. He works quite closely with team members who span security operations and engineering, cyber architecture & design, testing, incident response and our project coordination. These days Hedges’ role is more to support the wider cyber team, and try to keep things moving.

Following is the conversation we had with Hedges.

In recent years, the Asia-Pacific (APAC) region has become increasingly attractive to cybercriminals. According to IBM X-Force Threat Intelligence Index 2022, Asia was the most attacked region in 2021, receiving 26 percent of the global attacks. India tops the list of the most attacked country in Asia. Your views on this.

My view is that organized crime and financially motivated actors have considered the geographical regions which are under-invested or have immature governance structures around cyber.

My personal opinion is that I think the increase in cybercriminal activities is more opportunistic than geopolitical in nature; however that remains a risk all the same. The results of the IBM X-Force Threat Intelligence Index seem consistent with other reports I have seen.

At Kmart Group we have cyber security teams based both in Australia and in Bangalore with rigorous cyber security systems in place. An appropriate course of action that these regions can make is to consider adopting a three lines of defense model that adopted in more cyber-mature regions, consider adopting globally recognized information system management frameworks, and ensuring that company leaders and directors are educated.

Why should organizations recognize that investing in skilled cybersecurity professionals and building a team is essential for long-term success?

There is too much anecdotal evidence in the industry that shows that insufficient investment in cyber actually results in larger costs down the track. This can be from any inevitable compliance activity, or it can be the result of a data breach. Compliance is reactive, whereas a skilled and capable cyber team permits for all sorts of proactive, preventative engagements.

An Appropriate Course of Action that these Regions can Make is to Consider Adopting a Three Lines of Defense Model that Adopted in more Cyber-Mature Regions, Consider Adopting Globally Recognized Information System Management Frameworks

The net result is catching poor security decisions in design, rather than in production. Creating cyber capability should be built alongside establishing a risk-driven cyber culture. This will breakdown silos and unnecessary internal resistance – as organizations slowly recognize cyber is here to help not hinder. This takes time, but the results are a more secure organization and cost effectiveness.

What would be your piece of advice for your fellow peers and leaders?

There is a lot of power in connecting to local tribes of likeminded Cyber professionals that work in your geography. This is not limited to meet-ups and special interest groups, it can just be lunch or workshop with other cyber leaders. Don’t be limited by sector or industry. Sharing information about topics and themes of concern allows us to learn from each other. My advice is simple, don’t do this alone. It is guaranteed that someone else out there is having similar cyber challenges and issues, and other folks might have some great advice on how to solve problems. The best thing about this, is that you’ll be able to pay it forward when someone else in the future has cyber problems that you can provide advice or encouragement on.

tag

Security Systems

Read Also

Streamlining Operations and Empowering Teams in Facilities Management

Streamlining Operations and Empowering Teams in Facilities Management
Shaye Rogers, Workflow Support Manager, Cushman & Wakefield
Technocreativity: The Synergy Of Technology And Creativity

Technocreativity: The Synergy Of Technology And Creativity
Tran Nguyen Phi Long, Group Head Of Retail Marketing, Pnj Group
Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran

Leading It And Digital Transformation At Ikea: Insights From An Industry Veteran
Sigit Triwibowo, Head Of It And Digital, Chief Technology And Digital, Ikea
Executive Leadership And Digital Transformation In The Global Fashion Industry

Executive Leadership And Digital Transformation In The Global Fashion Industry
Eiko Ando, E-Commerce And Digital Director, Pvh Corporation
Digital Transformation in Fashion Retail - From Efficiency to Experience

Digital Transformation in Fashion Retail - From Efficiency to Experience
Le Van, CTO, YODY Fashion
Driving IT Transformation at Lactalis Australia

Driving IT Transformation at Lactalis Australia
Sabina Janstrom, Chief Information Officer, Lactalis Australia
AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust

AI Adoption in Hospitality: Striking the Balance Between Innovation, Excellence and Trust
Phiphat Khanonwet, Head of IT, Onyx Hospitality Group
The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?

The AI Rat Race - Keeping Up with New Technologies or Waiting for Maturity?
Andreas Kurz, Global Head of Digital Transformation, ALFAGOMMA Group