Organizations need to step up modernization of legacy mainframe systems and ensure succession planning of staff to counter the growing threat of cyberattacks and retain expertise, says U.S. Railroad Retirement Board CIO Ram Murthy.
Writing in CIO Review, he notes that legacy architecture systems “stand no chance exposed to the modern security threats and real time interactions of today.”
Murthy says his policy is to act as if his organization’s systems are permanently breached, using continuous monitoring as the new firewall. Web application attacks are increasingly common, targeting weaknesses in servers. In addition to scanning software code and using database firewalls, Murthy says, new technology such as browser isolation will be of value.
The RRB has established its own senior agency official for risk management to ensure leadership involvement in risk-based decisions and maintain good intelligence collection and sharing. The organization also uses a three-stage authentication and authorization process, involving certificated hardware, identifiable users, and a trusted agreement in the user-device combination.