In today’s operating landscape, cybersafety and business success tend to go hand in hand.
While understanding the tactics, techniques and procedures (TTPs) employed by a rising cohort of cybercriminals is crucial for businesses aiming to fortify their defenses against such threats, so too is fostering a culture where employees feel empowered to act when they identify potential risks.
“In our technology environment, leaders and individuals need to feel empowered to take ownership if they see something that’s not right,” Ron Green, cybersecurity fellow and former chief security officer at Mastercard, told PYMNTS for the series “What’s Next in Payments: Protecting the Perimeter.”
Green stressed that creating an environment where team members can “press the red button” when they see something wrong is important.
This approach ensures that small issues are addressed before they can escalate into larger crises.
At the same time, Green explained that it’s not enough to focus on creating new products and services; businesses must ensure that their existing systems are resilient and their teams are prepared to address any emerging threats.
In today’s interconnected world, disruptions can come from various sources — not just cyberthreats but also physical events like natural disasters or media crises.
Cybercriminals employ a variety of tactics to infiltrate systems. But beyond fraudsters, disruptions can happen of their own accord. Businesses, particularly those operating in security-critical sectors, must invest in advanced threat detection and response solutions, implement robust backup and recovery processes, and conduct regular security training for employees to reduce the risk of phishing attacks.
“At Mastercard, we have a crisis team — not a cyber crisis team, not a weather crisis team, just a crisis team that handles any bad event,” Green said, highlighting the importance of an all-hazards approach to business continuity planning.
This holistic approach to crisis management allows organizations to respond effectively regardless of the nature of the disruption, he added. Moreover, real-life testing of these plans, including exercises that involve external partners such as government agencies and even customers, is vital to ensure preparedness.
Green shared that Mastercard regularly conducts over 30 tests with different scenarios and business units, often involving external entities like the FBI, Secret Service and Cybersecurity and Infrastructure Security Agency (CISA).
Regular testing, both within the organization and with external partners, ensures that when a real incident occurs, the response is swift and effective.
These exercises help ensure that on the “bad day,” everyone knows how to work together efficiently, Green said.
In terms of cybersecurity, Green highlighted the importance of adopting a multifaceted approach that includes advanced technology, continuous education and rigorous exercise.
On the technology front, the adoption of a zero-trust framework is critical.
“Look at those technologies that can ensure people are doing what they need to do, only what they need to do, when they need to do it, and how they need to do it,” Green advised.
This principle minimizes unnecessary access and ensures that only authorized actions are taken, reducing the risk of breaches.
Education is another pillar of a strong cybersecurity posture.
“If you feel like you know everything in security, you don’t,” Green warned.
Continuous learning is essential not just for security professionals but for everyone in the organization, and by educating all employees, companies can reduce the risk of human error leading to breaches.
One of the common challenges in many organizations is the perception that security measures slow down business processes. Green argued that when security is integrated from the beginning, it enhances agility.
“Often, the business team develops the technology and wants to move fast, but then they realize they need to get security involved,” Green said.
By embedding security officers within business units from the start, companies can streamline the process, avoiding delays and ensuring that security is an integral part of development rather than an afterthought.
Green also touched on the risks associated with rapidly adopting new technologies without considering their long-term management. Using the analogy of adopting puppies, he warned that bringing in too many new technologies without a plan for their care and maintenance can lead to chaos.
“You don’t want every animal in the zoo that you have to take care of,” he noted.
Instead, businesses should strive for standardization, which allows for more efficient management and reduces the complexity of the technological environment. While standardization is key, Green also stressed the importance of thorough testing to ensure that systems are resilient and secure.
Ultimately, he concluded, a well-rounded and proactive approach to cybersecurity and business continuity fosters trust among customers. When businesses are known for their rigorous security practices and their ability to handle crises effectively, they build a reputation for reliability and safety.
“Doing everything right and being known for doing that … develops trust,” Green explained.
Trust, in turn, strengthens customer relationships and enhances the overall resilience of the business.