Ayanda Peta – Group Head of Cybersecurity at African Rainbow Minerals (ARM)

Leading the cybersecurity transformation for African Rainbow Minerals (ARM) is Ayanda Peta, its group head of cybersecurity, who says that while convergence of operational technology adds efficiency and safety, it brings real cyber risks as a result of it expanding the attack surface.

“A cybersecurity strategy has to be in the context of the business,” he says. “Irrespective of industry, every business is exposed to cyber threats, and any business could be a victim of a potentially paralysing cyber attack; the bad actors have evolved and organised themselves into being businesses and are targeting particularly critical infrastructure.

“Ransomware attacks are increasing at an accelerated rate and it should be any organisation’s imperative to ensure there is strong capability and capacity to respond to such and other attacks.

It is not if, but when, these will occur. With the surge of artificial intelligence (AI), our work has become harder, as the power of AI benefits both bad and good actors.”

Peta adds that despite challenging economic times, cybersecurity investments should continue to be top priority. However, he places the onus on cybersecurity custodians to present a complete business case for their cybersecurity programme. Security leaders should demonstrate how investment in cybersecurity has supported business objectives and resulted in improved protection of business operations. He further advises that a cybersecurity programme should be accompanied by a parallel cyber measurement programme that links outcomes-based metrics that can be understood by business.

“Cybersecurity custodians are attracting prominence at an executive and board level. Organisations have started to view cyber risk as a critical business risk that requires top-level engagement and business decisions.”

He notes that the US Security Exchange Commission (SEC) recently gave a directive for all American public companies to disclose cybersecurity expertise at the executive level. Peta expects that other countries will follow suit with such a requirement.

“My primary pain point is taking users on the cybersecurity journey, which requires a human-centric approach. ICT should not be revered and put on a pedestal, but understood, used and demystified by applying an ongoing people-first change management process.

“No person or business is a cybersecurity island; cybersecurity skills and expertise are scarce. Business must understand the security services of technology providers. I appreciate the understanding of the cybersecurity services that MTN offers to organisations.”

With a career grounded primarily in cybersecurity, Peta says his career highlights include having acquired breadth and depth in cybersecurity experience achieved over three milestones; he started his career as a security service provider delivering technical projects to clients, before moving into cybersecurity consulting and helping and advising businesses in their cybersecurity approaches.

“Now, I lead ARM’s group cybersecurity, from strategy to execution, and am responsible for its success. What gets me up in the morning is the drive to make my role a success. However, what keeps me awake at night is that the threat of a cyber attack is not going away and my team and I have to be constantly ready to respond to any attack.

“My advice to anyone considering a career in ICT, wherever they wish to focus, is to get project experience, which is fundamental. Constantly fuel your drive to learn and accumulate professional qualifications. Take ownership, initiative and immerse yourself in your role - contribute value.” he concludes.