In today’s business environment, cyber safety and business success go hand in hand.
Understanding the tactics, techniques and procedures (TTPs) used by the growing number of cybercriminals is important for businesses looking to shore up their defenses against such threats, but it’s equally important to foster a culture where employees feel empowered to act when they identify potential risks.
“In our technology environment, leaders and individuals need to feel empowered to take responsibility if they see something amiss,” Ron Green, cybersecurity fellow and former chief security officer at Mastercard, said in PYMNTS’ “What’s Next in Payments: Protecting the Perimeter” series.
Green emphasized the importance of creating an environment where team members can “press the red button” when they see a problem.
This approach allows small issues to be addressed before they turn into major crises.
At the same time, Green explained that it’s not enough to just focus on developing new products and services; companies also need to ensure the resilience of their existing systems and make sure their teams are ready to deal with emerging threats.
In today’s interconnected world, disruptions can occur from a variety of sources, including cyber threats as well as physical events such as natural disasters or media crises.
Fully planned: Prepare for all eventualities
Cybercriminals use a variety of tactics to infiltrate systems. But beyond scammers, disruptions can also occur spontaneously. Businesses, especially those operating in security-sensitive sectors, should invest in advanced threat detection and response solutions, implement robust backup and recovery processes, and conduct regular security training for employees to mitigate the risk of phishing attacks.
“Mastercard has a crisis response team. It’s not a cyber crisis response team. It’s not a weather crisis response team. It’s a crisis response team that deals with any bad event,” Green said, emphasizing the importance of addressing all hazards in business continuity plans.
This holistic approach to crisis management will enable organizations to respond effectively regardless of the nature of the disruption, he added. Moreover, real-world testing of these plans, including exercises involving external partners such as government agencies and customers, is essential to ensure preparedness.
Green said Mastercard regularly conducts more than 30 tests across a range of scenarios and business sectors, and involves outside organizations such as the FBI, the Secret Service and the Cybersecurity and Infrastructure Security Agency (CISA).
Regular testing within your organization and with external partners ensures a fast and effective response in the event of a real incident.
Green said the training helps everyone know how to work together effectively even on “bad days.”
Strengthening cybersecurity through technology, education and practice
When it comes to cybersecurity, Green emphasized the importance of adopting a multifaceted approach that includes advanced technology, continuing education and rigorous training.
On the technology side, adopting a zero trust framework is key.
“Look at technologies that can ensure people can do just what they need to do, when they need to do it, and how they need to do it,” Green advised.
This principle reduces the risk of breaches by minimizing unnecessary access and ensuring only authorized actions are performed.
Education is another pillar of a strong cybersecurity posture.
“If you think you know everything about security, you’re wrong,” Green warned.
Continuous learning is essential for everyone in an organization, not just security professionals, and educating all employees helps companies reduce the risk of human error that leads to a breach.
One challenge common to many organizations is the perception that security measures slow down business processes. Green argued that integrating security from the start improves agility.
“Oftentimes, business teams develop technology and want to move fast, but then realize they need to bring security into the mix,” Green said.
By embedding security personnel within business units from the start, companies can streamline processes, avoid delays, and ensure security is an integral part of development rather than an afterthought.
Green also touched on the risks of rapidly introducing new technology without considering long-term management. Using the analogy of getting a puppy, he warned that introducing too much new technology without a plan for its care and maintenance could lead to chaos.
“Not every animal in a zoo has to be taken care of,” he pointed out.
Instead, companies should aim for standardization, which allows for more efficient management and reduces complexity in the technology environment. While standardization is key, Green also stressed the importance of thorough testing to ensure systems are resilient and secure.
Ultimately, he concluded, a comprehensive and proactive approach to cybersecurity and business continuity fosters trust among customers. When a company becomes known for its rigorous security measures and ability to deal effectively with crises, it builds a reputation for reliability and safety.
“Doing everything right and being known for doing it builds trust,” Green explained.
Trust strengthens customer relationships and makes your business more resilient overall.