With over 20-years of experience in managing all aspects of Information Technology, Favour Femi-Oyewole is the current G|CISO of Access Bank Plc. She is a graduate of Computer Science (BSc) – Ogun State University, with two (2) Master’s Degrees – MSc Computer Science – UNN and MSc Information Security – University of Liverpool, UK, a Doctoral student at the Covenant University, Nigeria. As one of our expert speakers representing the MEA region for Cyber World Congress, we sat down with her to discuss her main security concerns, her biggest challenges and how she’s balancing digitalisation and security.
Please introduce yourself and tell us a little about your journey in cybersecurity.
I am Favour Femi-Oyewole, the current G|CISO of Access Bank Plc. I have a deep understanding of Enterprise IT Security, Information Technology, IT Governance, Information Security best practices, Cyber Security, Business Continuity, and Risk Management, especially in a dynamic, demanding large scale environments, I have been able to distinguish myself by being the first female in Africa to be a Blockchain Certified Professional, the 1st woman in the world to win the Global Certified CISO (C|CISO) of the Year 2017 from the EC-Council in the USA and currently a member of the Global C|CISO Advisory Board. At the National level, I have served as a member of the Cybercrime Advisory Council in Nigeria with the Mandate of implementing Cybersecurity for all sectors in Nigeria and the pioneer Chair of the Standard and Evaluations Committee.
To me, Security is not an afterthought but must be embedded from the onset.
What are your main security concerns and what are you prioritizing at the moment?
A. In recent times, my main security concerns hover around cloud security, third-party risk supply chain, and remote work from home security, especially in a highly regulated industry like the financial industry. In retrospect, the increased drive on cloud adoptions has led to compliance violations, identity theft, malware infections, and data breaches as technology and cybersecurity functions in organizations wobble with weaving security in the cloud. This concern is heightened when one considers that the compromise of Single Sign-On or Federated Identity Technology could lead to unlimited unauthorized access to confidential resources; this has been a priority for me at the moment.
It is essential to have a solid security foundation, which is catalyzed by proper asset identification made possible by going back to the basics. This is because you can only secure what you know you have; this has been the major challenge across the industry in recent times, especially in large organizations like mine. With this in place, we would plug the security concerns across remote security and third-party security risks. With the introduction of the Internet of Things (IoT) and cloud services, there is no ostensible, easily safeguarded template that can keep all the data in and the attackers out of the system.
What have been the biggest challenges around COVID-19 for your organisation? And, how are you addressing them?
VPN was a major part of remote work, which became necessary for my organisation due to the national lockdown from the Covid-19 pandemic. Remote workers were an easy target of cybercriminals as their systems provided the ideal entry points into corporate IT ecosystems. Financial institution staff is more likely to use personal devices, and with home networks not being hardened to the same degree as corporate devices and networks, the attack surface became wider.
When it comes to mobile security, device management and application security are essential to these endpoints. Robust mobile policies, easy-to-implement and customize default profiles, over-the-air enrolment, antitheft provision, remote data wipe, and many other security features ensure comprehensive, secure device management.
What is your advice on balancing security and digitalisation?
Digitalisation and security must always align as new technology introduces new risks. So my advice to this question is always adapt security with the continuous digitalization trend.
What do the next 5 years hold for your industry?
In the next five years, security automation will be the world’s norm; Cybersecurity will not be only for the professionals. Even developers will use Artificial Intelligence to address vulnerabilities, detect security issues before they can be taken advantage of, and repel cyber-attacks immediately they start. Developers may embed AI in user interfaces to warn people about risky websites or poor-quality security.
Join Favour in the Middle East & Africa segment of Cyber World Congress at 12:25 GST for her presentation: ‘Rethinking our Approach to Security Talent by Embracing Diversity‘ for insights into how and why the MEA region should be looking to broaden it’s horizons when it comes to talent acquisition.
Secure a complimentary* pass and up to 16 CPE points by using discount code ACCESSBANK when registering online – world.cyberseries.io/register/
*Offer open to end-users only. Vendors and consultants can attend by purchasing a ticket online today!
