• Johan Prinsloo

Cyber risk and resilience

At Sanlam, we acknowledge the threat that cyber risk poses to our brand, our technology and information systems and, most importantly, our clients’ data. We view it as a risk that is unique in its nature but nevertheless threatens the very continuity of our business: a risk that is created by humans, is constantly adapting and changing, and is able to bypass the physical barriers that contain traditional catastrophic risks.

We share the view of our regulators, the World Economic Forum and ASISA that we cannot defend ourselves single-handedly against this risk. Hence, we play an active role in our industry’s Computer Security Incident Response Team (CSIRT) and share threat and response intelligence with the CSIRTs of other industries. We also believe in establishing intelligence feeds beyond industry level and are actively engaging with the Europe and Africa operations of the Financial Services Information Sharing and Analysis Center (FS-ISAC). Furthermore, we support the notion that one needs to establish a system of resilience that not only protects against threats but is also capable of responding to cyber incidents and crises. To assist us in fulfilling this view, we have secured the assistance of cyber incident and crisis consultancies. As part of Business Continuity Management, senior leadership and technical management participate in cyber crisis simulations to prepare ourselves to manage a cyber crisis effectively.

Our active response to the risk is our cyber resilience strategy, which has been in place since 2014. At a high level the strategy formulates five interrelated focus areas, namely intelligence (or early warning), protection, monitoring, detection and response (which includes cyber incident and crisis management). The controls we focus on are those required by the external framework that we align ourselves with, namely the Center for Internet Security’s (CIS) list of 20 prioritised information security controls. We use this framework because, in our experience with real-life incidents, it is practical. We have extended the framework into a Sanlam Cyber Resilience framework that defines the “canvas” for all our efforts.

Our crown jewel risk assessment method is based on the Information Risk Assessment Methodology (IRAM) of the Information Security Forum (ISF). We use this to identify our mission-critical information resources and to focus our efforts on them. We also recognise that every entry and exit avenue in the network, on our systems and in our security processes needs to be secured, and are therefore executing a security architecture that ensures this.

Our monitoring and detection capability is realised through technology that processes large volumes of event data and enables our blue team to sift through the data for anomalies that signal danger. Our blue team members are formally educated and certified. As a team, they are trained through simulations run by our cyber consultancies, and we endeavour to keep improving their capability and maturity. The same holds true for our red team, which strengthens the process by continually looking for gaps in our defence strategies.

We monitor emerging threats and adapt our controls in response to them, focusing specifically on new advanced threat techniques. Our Information Security Management System (ISMS) has been in existence since 2001. We have been ISF members since 2000 and frequently take part in their security benchmark.

Our sustained effort in maintaining a system that works to reduce the cyber risks we face bears testimony to our commitment to protecting our clients’ data, and hence contributes to ensuring successful outcomes for our members.

Cyber resilience checklist