They come from cyberterrorists, enemy countries, sophisticated criminal networks, and hacktivists; no matter the source, cyberattacks continue to plague companies around the world. Over time, these attacks have transformed to a point where security solutions that worked in the past are no longer effective.
A typical scenario goes something like this: A computer hacker finds a security vulnerability and exploits it. The network security engineers patch the flaw and (sometimes) disseminate information, so others can do the same. Now thwarted from their original plan of attack, the hackers find another security hole to exploit; the security engineers patch that hole, and the game goes on.
Occasionally, security researchers find a vulnerability before attackers discover it, and successfully close the avenue of attack before any harm is done. But much more often, security engineers are reacting to hackers’ exploitative actions, taking what’s very aptly known as a reactive approach.
The Reactive Approach
The traditional solution to cyberattacks is based on reacting to a threat, responding to it, and recovering from it. Reactive methods include:
- Disaster recovery plans
- Private investigation services
- Loss recovery specialists
- Reinstalling operating systems and applications on compromised systems
- Hardware redundancy in other locations
As the cyberattacks we face today become increasingly sophisticated, this reactive approach is becoming outmoded. With a security approach that’s failing to keep up with today’s hackers, threats like data breaches, identity theft, and stolen data continue to be rising problems.
According to a security report released in 2014:
- The number of successful cyberattacks rose by 144%.
- The expense of handling a data breach increased by 96%.
- The time it takes to get up and running after an attack increased by 221%.
One need only look at the recent Distributed Denial of Service (DDoS) attack that crippled parts of the internet to understand that by itself, the reactive approach is largely ineffective. While it’s important to have thorough response plans developed and prepared in the event of an attack, it’s becoming increasingly necessary to pair reactive methodologies with a proactive approach.
The Proactive Approach
The current (and rapidly growing) trend focuses on taking offensive action before cyberattacks occur, as opposed to merely reacting to an attack once it happens. This requires security professionals to anticipate an attack and take steps to prevent it.
Proactive security requires an approach that incorporates human and physical security components, as well as IT security to safeguard data. Many security breaches are caused by human weaknesses, and lack of adherence to good security policies. Making things worse is the current trend of businesses allowing employees to bring their own devices into the workplace. While external threats are not to be ignored, business leaders must remember that risks come from within their own walls, as well.
Threats from inside a company’s perimeter include:
- Social engineering
- Targeted intrusion
Solving these human and physical problems requires management and cultural changes that some companies are not willing to adopt, because of the rigorous program of awareness required to support rigid security policies. Resistance to adopting this solution has led organizations to allocate more resources to proactive systems. These systems are often part of a static security strategy.
Why Static Security Fails
Static security measures implemented as “proactive security” are doomed to fail, because in most cases, they underestimate the opponent. Static measures are easily bypassed by attackers with greater knowledge and more “firepower” than corporate security professionals, who are unable to anticipate attacks or to detect them in time to stop them.
Many IT security professionals don’t have the tools they need to track Advanced Evasion Techniques (AETs), and are unfortunately unable to convince upper management of the need to institute them. Without the proper tools, IT professionals can’t find and identify potential threats early enough to take preventative action; they are essentially left weaponless against hackers with advanced methods of attack.
Companies Moving from Security to Defense
Today, deploying a basic monitoring system is simply insufficient. Moving from a security to a defense model recognizes the need to detect and respond to attacks in real time, responding appropriately based on the attacker’s objective and attack method. This is becoming more important as businesses discover that intricate attacks can last for days, weeks, or even months. In some cases, the goal isn’t infiltration, but a “long con” process of stealing information that can go on for years.
In the endeavor to go from a security mindset to a defense mindset, software automation has become a huge piece of the puzzle, allowing companies to be better prepared against cyberattacks. Incorporating automated software into a system for responding to cybersecurity incidents provides a high level of protection. Because intuitive technology is doing most of the work, the protection is available round the clock, surpassing the level of security possible with a human staff.
Putting It All Together: Comprehensive Protection Against Cyberattack
Reactive and proactive security methods aren’t mutually exclusive: organizations must plan how to respond when an intrusion does occur, whether from worms and viruses, DDoS attacks, social engineering or even from disgruntled employees with insider knowledge of the network (it happens more often than you’d think).
For comprehensive defense, a reactive security strategy should be paired with a proactive strategy and effective tools for uncovering, identifying, and responding to potential threats before they have the chance to damage a company. New methodologies, including predictive threat intelligence and predictive analysis of past breaches, will grow quickly — bringing the need for new personnel capabilities in many IT security fields.
Every business needs to decide the appropriate mix of resources to devote to proactive security measures (to deter attacks), and reactive measures (to respond to attacks that get through). At the very least, a comprehensive approach will require partnerships between cyber-professionals and analytics experts to stay on top of the ever-advancing attack methods threatening today’s businesses.