A Battle or a Coalition? Proactive vs Reactive Cybersecurity

Many businesses are starting to investigate proactive vs reactive cybersecurity methods. Reactive cybersecurity strategies have been effective in the past when dealing with incidents and remain relatively effective where known threats are concerned. The problem is that cyber criminals are now aware that businesses are already prepared for known threats and are actively improving and evolving their cyber-attack methods to evade detection. On average, it is taking businesses 191 days to detect a cyber-attack, allowing cyber criminals ample time to steal data, infiltrate systems, and install malware.

We are also currently seeing a rapid expansion in the cybersecurity threat landscape. Digital threats are evolving in intelligence and are becoming more sophisticated. Over the last 2 years cyber-attacks have increased in frequency and severity, primarily due to the impact of COVID-19 on work environments. Malware attacks alone increased by 400% in 2020, and last year the average cost of a data breach rose to $4.24 million per incident. With figures in the millions, it is not surprising that 60% of businesses file for bankruptcy within the 6 months following a cyber-attack. Relying solely on reactive strategies is no longer an effective security approach.

The following discusses reactive and proactive approaches and gives you an insight into how to build effective cybersecurity strategies for both measures.

Proactive vs reactive cybersecurity

Proactive cybersecurity

A proactive approach uses methods to preempt, predict and identify potential threats before they occur, allowing cybersecurity teams to mitigate any cyber-attacks before they can inflict damage. A proactive cybersecurity culture allows your team to focus on prevention rather than response. This puts your business in a strong defensive position, allowing you to stay ahead of cyber criminals. Proactive security measures include:

• Penetration testing
• Threat hunting
• Cybersecurity awareness training
• Ethical hacking
• Unsupervised machine learning and anomaly detection
• Zero Trust security framework

Proactive security measures require a new way of thinking, and therefore it is likely that new infrastructure will need to be put in place to implement an effective proactive strategy. Advancements in artificial intelligence have allowed automated programs to detect suspicious or anomalous user behavior, which could indicate a previously unknown cybersecurity threat. This type of technology can notify your cybersecurity team of threats in real-time, allowing them to investigate and mitigate where needed before cyber-criminals gain access.

Research has suggested that businesses experience 53% less cyber-attacks and data breaches when they have proactive security measures in place. Considering the above, does this mean that proactive cybersecurity should be prioritized over reactive cybersecurity?

Reactive cybersecurity

A reactive approach is as suggested in the name – following a cyber-attack or data breach, your cybersecurity team will respond or ‘react’ to deal with the threat and any potential damages. While a reactive approach is no longer effective as a sole method of cybersecurity, due to the mass damage and revenue loss that occurs following a breach, it still has a place in overall cybersecurity strategies. Reactive strategies include:

• Incident response planning
• Enforcing password resets
• Reporting and investigation

Reactive cybersecurity methods are beneficial for preventing similar cybersecurity threats in future. Additionally, if a cyber-attack does happen to breach your system despite any proactive measures that might be in place, a reactive strategy can help minimize damage and reduce overall costs

Combining proactive and reactive cybersecurity

Proactive vs reactive cybersecurity is not the right mindset when deciding on a security strategy for your business.

Think of proactive and reactive cybersecurity as a ship headed for an iceberg. Using a lookout (proactive security), we will see the iceberg before it hits and can steer the ship out of the iceberg’s path. Despite all our best efforts, however, the ship may eventually succumb to an iceberg, and if that happens, you’re going to want to make sure you have lifeboats onboard (reactive security) to keep you afloat. Essentially, your proactive and reactive cybersecurity strategies should complement each other, and it is best practice for your business to adopt both measures – rather than opting for just one.

Building proactive and reactive security strategies for your business

Preparation

While the preparation stage of a cybersecurity strategy mainly involves taking proactive measures to prevent cyber-attacks – it is also important to prepare an incident response plan in case a cyber-criminal effectively infiltrates your system. The preparation stage is often the most time consuming, and generally takes a lot of effort to put in place, however it is a crucial step in ensuring your business is protected from a cybersecurity attack. Steps that should be taken in the preparation stage include:

• Investing in machine learning technology to detect suspicious or unknown patterns of user behavior
• Putting together a threat hunting team to stay on top of new threats that emerge
• Training your employees to identify and report suspicious activity on the system (e.g., phishing emails)
• Preparing an incident response plan for if a cyber-attack does occur, ensuring the elements of this plan are approved and funded in advance

Identification

Using the tools put in place above, this phase of a cybersecurity strategy is used to identify any known threat, or potential new threats discovered attempting to infiltrate the system.

Mitigation

Once threats are identified, processes should be put in place to mitigate the threat. This could be adding an additional layer of security, patching up detected vulnerabilities within your system, or adding the identified threat to the known database. If the cyber-criminal did manage to access the system, it would be during this phase that the incident response plan would be initiated, and steps would be taken to minimize the damage done.

Review

Following the discovery of a threat it is good practice to go back and review the systems and plans in place that were initially laid out during the preparation phase. Are these plans all up to date? Is any new technology needed to control new threats that have emerged? Does the team need to be retrained or updated on any changes to the policies or systems?

While reviewing your cybersecurity strategy each time a new threat is discovered may seem like an arduous process, it strengthens your business in the long run. Having these processes in place will help you avoid the millions in losses that could occur if your business experiences a cyber-attack or data breach.

Reactive cybersecurity alone is no longer enough

Due to our ever-evolving threat landscape, reactive cybersecurity strategies alone are no longer enough to keep businesses protected from more sophisticated threats. That doesn’t mean they still don’t play a role in protecting businesses from cybersecurity threats. Reactive security strategies are useful for stopping ongoing attacks and preventing them from happening again.  For new and emerging cybersecurity threats and vulnerabilities, however, proactive cybersecurity is a more beneficial approach.

Instead of thinking about your security strategies as proactive vs reactive cybersecurity, you should start thinking about how both proactive and reactive measures can be combined to better protect your business.