Technical operations security needs constant evaluation and evolution to safeguard enterprise assets in a digitalized era with increasing cybersecurity risks. Going forward, adoption of new technology and innovation will be crucial both in terms of promoting competitiveness of the business and to achieve more effective cyber risk management and mitigation. As stated in a PWC survey, the benefits of innovation are evident, closing the wide lead that attackers have held for a long time. The shift of operations and security tools to cloud infrastructure, switching to advanced technologies, and restructuring operations through automation and rationalization are improving the cost efficiency and effectiveness of cyber operations through-out the enterprise. However, there will also be risks associating new innovation, which may be detrimental if not accounted for properly. As organizations go through modernization processes and are subject to increasingly sophisticated attacks, such as SolarWinds, they need to incorporate strategies such as the Defense in Depth for proper management of the security programs and controls to not only enhance operational effectiveness, but also enhance operational security.
Maintaining and investing in a centralized and robust technical security operations team focused on defense-in-depth will best position an organization to meet and address these accelerating threats. Having the program elements in place is the first step, equally important is maintaining vigilance to keep coverage of all the program elements at the highest percentage possible. This coverage is key as threat actors will exploit gaps wherever they exist, regardless if they expose high risk assets or not.
With ownership of an organization’s assets and defense-in-depth program elements defined, measurement of and adherence to the highest standards within those elements can be best effectuated. With this in place, cybersecurity roles and responsibilities for all other functions and staff come into focus and can enable requirements for collective efforts from participants across the entire organization.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Greg Montana is the Corporate Executive Vice President, and Chief Risk Officer for FIS Global. Previously he worked at Bank of America as senior vice president and senior operational risk executive; PayPal, as senior director of global risk operations; and Lloyds Banking Group as director of operational, credit and compliance risk. Montana holds a master’s degree in business administration from the Wharton School of the University of Pennsylvania and received a bachelor’s degree from Boston College. Montana was an adjunct professor of risk management at Flagler College in St. Augustine for seven fall semesters (2013 – 2019) and received the Risk Management Association’s (RMA’s) Special Service Award in October 2012, the same year he joined FIS. He has also authored four articles in the RMA Journal.