The Importance of Adopting Globally Recognized Information System Management Frameworks
Nigel Hedges, Group Head of Cybersecurity, Kmart and Target
Nigel Hedges, Group Head of Cybersecurity, Kmart and Target
For Nigel Hedges, Group Head of Cybersecurity at Kmart and Target, his key responsibility is to protect the data and security of Kmart Group, millions of customers and thousands of team members and to ensure that Kmart is responsible custodians of the data we keep. He works closely with other operational and strategy setting teams across many disciplines within technology and the business.
On a day to day basis, this can range from attending project meetings that require some form of priority attention, or operational meetings. More and more, Hedges is spending time on strategic initiatives. He works quite closely with team members who span security operations and engineering, cyber architecture & design, testing, incident response and our project coordination. These days Hedges’ role is more to support the wider cyber team, and try to keep things moving.
Following is the conversation we had with Hedges.
In recent years, the Asia-Pacific (APAC) region has become increasingly attractive to cybercriminals. According to IBM X-Force Threat Intelligence Index 2022, Asia was the most attacked region in 2021, receiving 26 percent of the global attacks. India tops the list of the most attacked country in Asia. Your views on this.
My view is that organized crime and financially motivated actors have considered the geographical regions which are under-invested or have immature governance structures around cyber.
At Kmart Group we have cyber security teams based both in Australia and in Bangalore with rigorous cyber security systems in place. An appropriate course of action that these regions can make is to consider adopting a three lines of defense model that adopted in more cyber-mature regions, consider adopting globally recognized information system management frameworks, and ensuring that company leaders and directors are educated.
Why should organizations recognize that investing in skilled cybersecurity professionals and building a team is essential for long-term success?
There is too much anecdotal evidence in the industry that shows that insufficient investment in cyber actually results in larger costs down the track. This can be from any inevitable compliance activity, or it can be the result of a data breach. Compliance is reactive, whereas a skilled and capable cyber team permits for all sorts of proactive, preventative engagements.
An Appropriate Course of Action that these Regions can Make is to Consider Adopting a Three Lines of Defense Model that Adopted in more Cyber-Mature Regions, Consider Adopting Globally Recognized Information System Management Frameworks
The net result is catching poor security decisions in design, rather than in production. Creating cyber capability should be built alongside establishing a risk-driven cyber culture. This will breakdown silos and unnecessary internal resistance – as organizations slowly recognize cyber is here to help not hinder. This takes time, but the results are a more secure organization and cost effectiveness.
What would be your piece of advice for your fellow peers and leaders?
There is a lot of power in connecting to local tribes of likeminded Cyber professionals that work in your geography. This is not limited to meet-ups and special interest groups, it can just be lunch or workshop with other cyber leaders. Don’t be limited by sector or industry. Sharing information about topics and themes of concern allows us to learn from each other. My advice is simple, don’t do this alone. It is guaranteed that someone else out there is having similar cyber challenges and issues, and other folks might have some great advice on how to solve problems. The best thing about this, is that you’ll be able to pay it forward when someone else in the future has cyber problems that you can provide advice or encouragement on.
Weekly Brief
Read Also
