Virtualization Technology News and Information
Striking a balance between proactive and reactive cybersecurity

By Christos Flessas

As advanced cyberattacks become more frequent and intense and aim at a broader range of sectors and industries, public and private businesses try to better prepare themselves to mitigate cyber threats and cope with a possible cyberattack that will impact their revenue and damage their reputation.

Back in 2020, Cybersecurity Ventures reported that "cybercrime represents the greatest transfer of economic wealth in history" and highlighted that the cost of cybercrime to companies worldwide will grow from $3 trillion in 2015 to an estimated $10.5 trillion annually by 2025, with the yearly growth rate of cybercrime touching a whopping 15%.

Facing such a gloomy future, and in their quest to find the holy grail of cyber defense, businesses arrive at a crossroads where they must decide whether to implement a proactive or a reactive cybersecurity approach. Which one is the most efficient? Being proactive or reactive? Or will a balanced combination of the two give better results and cybersecurity coverage, considering factors such as the agility, variability, and high rate of transformation of the environments that need to be protected?

The proactive and reactive approaches

Inspectorio highlights that according to the 1/10/100 rule in quality management: "the cost of preventing quality defects is lower than the cost of correcting defects, which in turn is cheaper than the cost of letting defects reach your customers." In other words, $1 investment in prevention is less expensive than $10 in correction, and $10 in correction is cheaper than $100 to deal with the failure. Regarding cybersecurity, one could say that being proactive is cheaper than being reactive. But is it the best solution, as many believe, or do businesses tend to focus more on the reactive part?

A proactive approach involves much effort in the planning phase of a cybersecurity program and an initial investment for procuring advanced tools or contracting with external service providers. Being part of risk management, a proactive cybersecurity approach preemptively spots flaws and introduces processes to identify threats before they occur. Some key features of that strategy may be:

  • Disk encryption and physical protection to enhance data security.
  • Managed SOC that centralizes threat monitoring.
  • Multi-factor authentication to ensure proper access control.
  • The use of firewalls and strong passwords.
  • Cybersecurity risk assessments.
  • Penetration testing.
  • Security training to keep insiders aware of the evolving threats, and best practices to avoid them.
  • Specialized vulnerability scanning software to inspect the exposed surface and detect gaps in the cybersecurity perimeter.
  • Data Loss Prevention (DLP) tools and Data Detection and Response (DDR) solutions.

On the other hand, the reactive approach deals with the aftermath of an incident, that is, after a cyberattack has succeeded in breaching a business's defenses. A reactive approach is oriented toward responding to incidents after they occur and primarily focuses on addressing incidents immediately to prevent further escalation. Within a reactive toolbox, one can find:

Benefits and drawbacks

Although a proactive approach seems a better solution than relying on the damage control of a reactive one, both approaches have pros and cons, and sometimes the choice is driven by the management style of business executives.

Some advantages of a proactive approach are the lower cost of creating a proactive plan compared to the expenses required to return to normal operations after a cyberattack, the theoretically lesser involvement in crises, and the early detection and prevention of threats from insider actors and of potential flaws. Furthermore, a proactive approach ensures compliance with security regulations, as it implements all the standards' prerequisites in advance.

However, a proactive approach faces several challenges. Firstly, it requires a significant investment in technology, personnel, and processes to be implemented. Secondly, proactive policies may generate a high volume of alerts, as they try to anticipate every possible situation; many of these may be false positives and create alert fatigue. Last but not least, it can raise privacy and ethical concerns, as it involves monitoring and analyzing user behavior and data, so organizations must take legal and ethical standards and privacy rights seriously and comply with them.

On the other hand, reactive cybersecurity measures are essential because they can help organizations minimize cyberattack damage and get back to the status quo ante as quickly as possible. In addition, reactive measures can help organizations learn from their mistakes and take all necessary steps to improve their cybersecurity posture in the future. In a way, the reactive cybersecurity approach improves proactive cybersecurity by feeding the latter with hands-on experience and lessons learned.

A significant drawback of the reactive approach is that the damage of an attack is not known in advance, nor is the amount of effort and expenditure required to respond to an incident. It is also difficult to predict the success of incident response in the future. Finally, exclusively reactive security can give a company's high hierarchy the false impression that it is the "savior of life", so that the company mistakenly relies on it alone.

And the winner is...

As the debate goes on about which of the two cybersecurity approaches is the most efficient, and whether being proactive is better than being reactive or vice versa, one should consider that both strategies are interconnected. Each of them must be part of the more extensive defense a business must have in its holistic cybersecurity plan. A plan can't be considered proactive if a reaction is not foreseen. Cyberattacks are a matter of "when" and not "if"; effective cybersecurity requires a balance between proactive and reactive measures to protect businesses against cyber threats and incidents.

Remember that cybersecurity is a continuous process that needs constant assessment and modification to remain effective against ever-evolving threats. In this way, organizations can avoid possible risks and lessen the harm caused, by being alert and proactive but also aware and trained through lessons learned and experience from incidents.

##

ABOUT THE AUTHOR

Christos Flessas 

Christos Flessas is a Communications and Information Systems Engineer with more than 30 years of experience as an Officer of the Hellenic Air Force (HAF). He is an accredited NATO tactical evaluator in the Communication and Information Systems (CIS) area and the National Representative (NatRep) at Signal Intelligence CIS and at Navigation Warfare (NavWar) Working Groups. Christos holds an MSc in Guided Weapon Systems from Cranfield University, UK. He has also attended numerous online courses such as the Palo Alto Networks Academy Cybersecurity Foundation course. His experience covers a wide range of assignments including radar maintenance engineer, software developer for airborne radars, IT systems manager and Project Manager implementing major armament contracts.

Christos is intrigued by new challenges, open minded, and excited about exploring the impact of cybersecurity on the industrial, critical infrastructure, telecommunications, financial, aviation, and maritime sectors. He is also a regular writer for Bora.
Published Friday, June 16, 2023 8:18 AM by David Marshall