menu close
  • Back

daniel dsouza
Head of Information Security Solutions, Canon Business Services ANZ

Daniel D'Souza is a highly accomplished Information Security professional with a wealth of experience spanning over a decade. His professional journey has covered multiple market sectors including finance, insurance, technology, education, and consulting. The latest of which led him to join the dynamic team at Satalyst, a Canon Business Services Australia company, as an Information Security Manager. In this role, Daniel was instrumental in helping customers safeguard their digital assets, protect their data, and mature their Information Security control environment. 

In recognition of his expertise Daniel was then transitioned into a pivotal secondment as the Manager of IT Governance, Risk & Compliance within Canon Business Services. Daniel's scrupulous oversight in ensuring key security audits and assessments were delivered has not only strengthened the implementation of CBS’ governance framework, but also substantiated a robust security infrastructure, both for CBS and its customers. 

Currently serving as the Head of Information Security Solutions at CBS, Daniel’s insightful approach to cybersecurity leadership plays a key role in ensuring CBS customers leverage the latest in Information Security technology and services. In this role he brings together strategic vision and a team of highly skilled cyber security professionals with vast real-world experience in reducing business risk through cyber resilience. 


The evolving threat environment

The cyber threat landscape is continually evolving, with attackers employing increasingly sophisticated methods. Advanced Persistent Threats (APTs) represent long-term targeted attacks that can infiltrate systems undetected, gathering sensitive information over extended periods.

Ransomware has also evolved, with attackers now engaging in double extortion tactics—stealing data before encrypting systems and threatening to release it publicly if demands aren’t met or selling it on to the next bidder, who may then restart the cycle.

Supply chain attacks are another growing concern. By compromising third-party vendors, attackers can indirectly infiltrate organisations, making detecting and preventing breaches more challenging. These evolving threats highlight the inadequacy of reactive measures and the necessity for proactive strategies.

Then there is Generative AI, which presents both opportunities and challenges in cybersecurity, necessitating a balanced approach that combines AI technologies with human expertise to effectively manage emerging threats.

Proactive cybersecurity involves anticipating potential threats and implementing measures to prevent them before they cause harm. It requires continuous monitoring of systems and networks to detect anomalies and regular assessments to identify and address vulnerabilities.

By staying ahead of attackers, organisations can reduce the likelihood of successful breaches, minimise potential damages, and ensure compliance with regulatory requirements.

Waiting for a cyber incident before taking action is like locking the barn door after the horse has bolted. Cyber threats are evolving at a relentless pace, and New Zealand organisations can no longer afford to remain reactive. It’s time to shift gears—to move from a reactive stance to a proactive cybersecurity approach that anticipates threats before they materialise.

But how do we make this shift? Let’s delve into the critical steps that may help transform your organisation’s cybersecurity posture from passive reactivity to an active, resilient front.

Understanding the reactive trap

Reactive cybersecurity often leaves organisations vulnerable in several ways. Delayed responses to threats mean that significant damage may have already occurred by the time action is taken. This lag increases the potential for data breaches, financial loss, and disruption of services.

Moreover, the costs associated with post-incident recovery—including legal fees, regulatory fines, and remediation efforts—are often substantially higher than the costs of prevention.

Reactive approaches can also lead to reputational damage. Customers and partners expect organisations to safeguard their data and operations proactively. A security breach can erode trust and lead to a loss of business, affecting long-term profitability and market position.

Why are organisations reactive instead of proactive?

If your organisation finds itself firefighting—responding to incidents as they occur rather than preventing them—you’re not alone. Such a reactive approach often stems from a lack of awareness about existing vulnerabilities or uncertainty about how to stay ahead of emerging threats.
  • Self-assessment gap: When was your last cybersecurity assessment? Regular evaluations are essential to understand your cyber maturity and identify areas for improvement.
  • Management involvement: Is your leadership team engaged in cybersecurity decisions? Effective cybersecurity requires input and commitment from top management to frontline staff.

Taking stock: Know thy assets

Do you know what you’re protecting?

You can’t safeguard what you’re unaware of. Taking stock of your assets is a fundamental step in proactive cybersecurity.
  • Asset inventory: Do you have a comprehensive view of all your hardware and software assets? What data resides on them?
  • Data classification: Is your data classified and labelled according to its sensitivity? Without this, you won’t know what controls you need to have in place to protect it.
  • Decision-making data: What information do you rely on to make security decisions? Are you leveraging real-time threat intelligence and vulnerability assessments?

"Proactive cybersecurity isn’t just about preventing the next attack—it’s about building a resilient future where security is ingrained in every facet of the organisation."

Daniel D’Souza, Head of Information Security Solutions at Canon Business Services ANZ


Embedding security into the fabric of your organisation

Proactive cybersecurity isn’t a standalone function—it needs to be woven into every process and team.
Critical processes identification: Have you pinpointed your critical business processes? Knowing which processes need to be brought back online first in case disaster strikes is paramount.
  • Aligned protection: Are you safeguarding assets and data in line with their classification and within the context of critical processes?
  • Proactive testing: Do you regularly conduct penetration testing and incident scenario exercises? These practices help uncover vulnerabilities before malicious actors do.
  • Strengthen the chain: Embedding cybersecurity processes across all teams—applications, infrastructure, data, and more—will help avoid any of these becoming the weakest link that exposes you to threats.
  • Security by design: Are you building, deploying, and maintaining your environment with security in mind? Embracing principles like Zero Trust architectures can significantly reduce risk.
Operating without a cybersecurity framework is like embarking on a journey without a map. Mitigation strategies such as the ACSC Essential Eight or the NIST Cybersecurity Framework provide structured approaches to managing cyber risk.

Get in touch

Talk to us today to optimise your operations.

Contact Us

Cultivating a healthy cybersecurity culture

A proactive approach is underpinned by a culture that values and prioritises cybersecurity. It involves:
  • Leadership commitment: Leaders who champion cybersecurity initiatives and foster an environment where security is everyone’s responsibility set their organisations up for greater success. Leadership investment includes providing adequate funding for security initiatives, staffing cybersecurity teams appropriately, and integrating security considerations into business planning. Executive training on cybersecurity risks and strategies ensures leaders understand the landscape and can make informed decisions.
  • Employee engagement: Employees are often the first line of defence against cyber threats. Comprehensive awareness programs educate staff about common threats like phishing, social engineering, and malware. Update ongoing training regularly to address emerging risks. Engaged employees who understand their role in cybersecurity contribute significantly to a proactive security culture.
  • Open communication: Encouraging discussions about security challenges and solutions promotes collective problem-solving. Accessible support channels for reporting incidents or seeking guidance encourage employees to act promptly when they encounter potential threats. Establishing a non-punitive environment for reporting mistakes or near-misses promotes transparency and learning. Feedback mechanisms that allow employees to share concerns and suggestions help organisations identify weaknesses and improve practices.
  • Continuous improvement: A culture that emphasises ongoing education and adaptation stays ahead of evolving threats. This includes vulnerability assessments, penetration testing, and audits. Adaptability is crucial. Encouraging professional development, such as certifications and training for cybersecurity personnel, ensures your team remains skilled and informed. Benchmarking against industry standards, such as ISO 27001, allows you to measure progress and identify areas for improvement. Developing action plans to address gaps supports a cycle of continuous enhancement.

For a deeper dive into building such a culture, refer to our previous article on Fostering a Healthy Cybersecurity Culture.

Boosting awareness and training

Creating a security-conscious culture involves embedding cybersecurity into the organisational DNA. Empowering employees to actively participate in security practices encourages proactive reporting of threats and anomalies.

Recognition programs that acknowledge contributions to cybersecurity efforts, such as identifying vulnerabilities or suggesting improvements, reinforce positive behaviour. Regular communication about cybersecurity successes, updates, and tips keeps security at the forefront of employees’ minds.

Designating security ambassadors or champions in each department can facilitate peer-to-peer learning and support, further strengthening the organisation’s security posture.

Empowering your team

Your staff can be your weakest link or your first line of defence.
  • Security awareness programs: Do you have comprehensive training that educates employees about cyber risks and best practices?
  • Defined responsibilities: Are staff aware of their specific roles in maintaining security? Clarity reduces the chance of accidental breaches.
  • Accessible support: Do employees know where to get help if they suspect a security issue?
  • Skill development: Is your cybersecurity team equipped with the skills necessary to navigate the current threat landscape?

Investing in your people mitigates risk and fosters a sense of ownership and accountability.

Embracing continuous improvement

The journey, not the destination

Cybersecurity isn’t a set-and-forget endeavour—it’s an ongoing process of refinement and enhancement.

According to Gartner, by 2025, 60% of organisations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. The projection highlights the necessity of staying ahead of the curve—not just keeping pace with it.
  • Culture of continuous improvement: Is your organisation committed to regularly updating and improving security measures?
  • Leveraging advanced technologies: Are you exploring the latest in AI and machine learning to enhance threat detection and response?

Artificial Intelligence (AI) and Machine Learning (ML) are transforming cybersecurity with predictive analytics and automated responses. Predictive threat detection uses AI algorithms to analyse vast amounts of data, identifying patterns that may indicate potential attacks, which allows organisations to address vulnerabilities before they’re exploited.

Automated incident response leverages ML models to swiftly react to detected threats without human intervention, reducing response times and limiting damage. For example, AI-powered tools can automatically isolate affected systems, block malicious traffic, and initiate recovery processes.

Investing in AI-powered security tools that align with organisational needs is crucial. Continuous training of ML models with the latest threat intelligence ensures that the systems remain effective against emerging threats. Collaborating with cybersecurity vendors specialising in AI and ML solutions is important to tailor technologies to specific organisational contexts.

Enhancing visibility to combat reactivity

Staying ahead of cyber threats requires real-time visibility into network activities. Security Information and Event Management (SIEM) systems centralise collecting and analysing security events from various sources, allowing detection of anomalies and potential threats and putting you ahead of the game.

Subscribing to threat intelligence feeds from reputable sources provides up-to-date information on emerging threats, vulnerabilities, and attacker tactics. Leveraging resources from agencies like the ACSC enhances situational awareness.

Implementing SIEM solutions and integrating them with other security tools allows for automated responses to certain types of threats, reducing the window of opportunity for attackers.

Seeing the unseen

Greater visibility into your systems and networks allows for early detection and swift action.
  • Current state view: Have you consolidated the information from the previous steps above to understand your current security posture?
  • Process and technology integration: Are you introducing processes and technologies that align with your target security state?
  • Regular maturity reviews: Do you consistently assess your cybersecurity maturity level and strive for improvement? 

Stepping into a proactive future

Making the shift from reactive to proactive cybersecurity isn’t just a technical upgrade—it’s a fundamental change in mindset and operations. It requires commitment, resources, and a willingness to evolve.

But the benefits are clear: reduced risk, enhanced reputation, greater resilience, and the confidence that comes from being one step ahead.

So, are you ready to stop chasing threats and start anticipating them? The time to act is now.

Similar Articles

VIEW ALL

What are the advantages of Microsoft Azure

Discover the advantages of Microsoft Azure: Scalability, security, cost-efficiency, and innovation. Learn how Azure enhances operations and drives digital transformation in New Zealand.

What is Security Automation?

Learn how automated security transforms cybersecurity, making it simpler and more efficient. Protect your business data with CBS New Zealand’s expert insights now!

What are the effective Azure cost optimisation strategies

Maximise Azure efficiency for your New Zealand organisation. Reduce costs, optimise resources, and align spending with business goals using our expert strategies and tools!

What are the benefits of penetration testing?

Gain confidence in your digital security with the benefits of penetration testing. Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS New Zealand's expert insights now!

Cybersecurity Threat Detection: Proactive strategies

Stay ahead in cybersecurity with our 2024 guide on threat detection. Learn advanced technologies & response plans to protect your business against threats with CBS New Zealand.

Digital transformation in different industries

Discover how digital transformation is driving innovation across industries like healthcare, finance, and retail. Learn how AI, IoT, and cloud computing are reshaping business models and enhancing customer experiences.

Digital transformation in New Zealand's financial services

Discover key strategies and technologies driving digital transformation in New Zealand's financial services, enhancing efficiency, customer experience, and compliance. Find out more!

Digital transformation in the manufacturing industry

Discover how digital transformation reshapes the manufacturing industry in New Zealand by integrating advanced technologies like IoT, AI, and cloud computing. Read here.

Ultimate guide to internal penetration testing

This Internal Penetration Testing guide covers techniques, analysis, and best practices for identifying vulnerabilities & strengthening your cyber defense in New Zealand.

RMM Meaning and its significance in IT management

Evolving technology, key benefits, and its impact on efficiency and security. protect your business data with CBS New Zealand’s expert insights now!

The role of AI in cyber security

Discover how AI enhances cybersecurity with faster threat detection and automated, real-time protection with Canon Business Services New Zealand.

The Threat Intelligence Lifecycle explained

Discover how to navigate the Threat Intelligence Lifecycle in 2024. Our guide covers phases, analysis, and best practices for cybersecurity decision-making in New Zealand.