Cybersecurity professionals have never had it easy — but these days the game is definitely being played on expert mode.
Threats aren’t only increasing in number, they are becoming more diverse and targeted. Machine learning, deepfake technology and false flag cyber-attacks may still be on the margins now, but all could soon create profound new challenges for defenders.
So how do organizations buckle down and pass this test? By creating a security posture that is not only holistic and resilient, but active. The days of playing catch-up and working with largely reactive measures are over. Attackers are evolving too quickly — and computer environments are too dynamic — for a “sit and play defense” model to be effective. Waiting for an attack and failing to quickly and effectively deter or mitigate that attack can destroy organizational morale and lead to the loss of critical assets.
Instead, it’s time to go on offense.
Proactive vs. Reactive: Why This Debate Matters More than Ever
The logic supporting reactive security is simple: You learn from previous attacks and build your defenses accordingly. If an attack comes, you can quickly fend it off and mitigate the damage thanks to the preparation you’ve done.
On the other side, proactive cyber defense seeks to find and pre-empt evolving threats. Instead of waiting to be targeted and minimizing the effects, this approach is focused on active identification and deterrence.
Historically, those in favor of reactive measures have leveled two criticisms at the active approach: It’s more expensive and it wastes time and resources by chasing threats that may or may not exist.
Proactive partisans, on the other hand, will tell you that a purely reactive strategy is outdated and exposes organizations to an unacceptably high level of risk. Attackers grow more nimble and sophisticated by the year, yet workers continue to make the same simple errors. Opening a bad email link or misconfiguring a server can lead to extraordinary financial and reputational losses. Today, it’s not uncommon for an Advanced Persistent Threat to penetrate even relatively robust defenses, move laterally, and steal critical assets — often escaping detection for months. The task of anticipating what advanced threat actors will do has never been more difficult.
Proactive measures also possess inherent benefits not seen with a reactive approach. Create a security framework that is too reactive, and you can be lulled into a false sense of complacency. More active measures, on the other hand, stimulate awareness and understanding throughout an organization and help illuminate its true risk level. When you are constantly probing, you’re constantly learning.
So how do you make security posture management more proactive? Here’s a closer look at three best practices to adopt.
Extend Your Security Scrutiny Across the Ecosystem
Sophisticated attackers will often target the weak link in a chain. This means smaller vendors without enough technical skill or resources to maintain strong security may act as a conduit into a computer system further up the organizational food chain. Recent research has shown that threat actors are increasingly targeting the supply chain through manipulated software containers and library/package abuse.
Given these developments, rigorously assessing vendor risk is a key part of becoming more holistic and proactive in your approach.
Choose the Right Tools for a Proactive Approach
Rooting out threats before they jeopardize your organization requires the deployment of cutting-edge tools that help you test your existing security and see it through the eyes of an attacker. One obvious example of such a tool is a breach-and-attack simulation (BAS) platform. These tools work by launching continuous cyber-attack simulations against organizational defenses, mimicking the techniques and attack paths most likely to be used by adversaries.
Such a proactive threat protection approach not only allows defenders to take the initiative by emulating the mindset of the attacker, it also provides a security element that is highly aligned with today’s most pressing security challenges. An advanced BAS platform can continuously probe for vulnerabilities in hybrid environments. This is critical because cloud environments in particular are extremely dynamic — one small change can create new security gaps that are invisible to point-in-time testing.
By automating testing and combining it with prioritized remediation, tools such as these are indispensable for active defense and for a true security posture assessment. Analyzing their reports and working with a security posture dashboard builds a deeper level of insight and visibility, which makes a continual cycle of security posture improvement possible.
Foster a New Commitment to Security Awareness
If employees outside of the IT department are poorly trained or indifferent to security best practices, it’s going to be almost impossible to avoid being overly reactive. Security staff will constantly play catch-up, dealing with all the risks and damage created by poorly trained colleagues.
Organizations should create a culture where security ownership is embedded within all departments and workers. Too often security awareness is a box-ticking exercise or an onerous commitment to endure. To create meaningful change, security must be regarded as a strategic priority in the C-suite and a worthwhile endeavor among all workers.
Whether you choose to create new incentives, implement gamification elements to increase awareness or change how security awareness content is designed and delivered, it’s essential to create more interest and generate worker buy-in — or nothing will change and you’ll waste time reactively repairing easily avoided damage.
The Takeaway
In today’s world, an overly reactive security posture is an invitation to disaster. Attackers are simply too sophisticated, and the playing field is too dynamic. Only through proactive security measures can organizations ensure that critical assets are protected as effectively as possible.
We suggest you adopt these practices and tools such as cyber-attack simulation to help your defenders play offense — and tilt the playing field in their favor.
Gus Evangelakos is Director Field Engineering, XM Cyber