Most organizations today invest heavily in reactive measures in an effort to shore up their security against a growing landscape of threats. In fact, the endpoint security market is expected to grow to a record size of $15 billion by 2024.
However, as the name implies, these measures usually only come into play after an attack or malware infection has occurred. As a rule, these solutions are also usually created and updated in response to the new trends and TTPs used by attackers as they emerge.
Some of the common reactive security solutions used by almost all organizations today are:
- Antivirus or anti-malware software
- Password protections
- Spam filters
- Ad blockers
- Incident response plan
Proactive security is all about preventing an attack before it happens. Or, at least, before there is any reason to suspect it has already occurred. As we all know, prevention is better than cure, especially with the average data breach costing organizations as much as USD 3.86 million.
Although proactive security can provide tremendous benefits, it’s meant not as a replacement for your existing security systems but as an enhancement of them.
LIFARS is an industry leader that develops proactive strategies and tactics against evolving cybersecurity threats. Our services such as comprehensive gap assessment, red-teaming, penetration testing, threat hunting and vulnerability assessment reveal a company’s vulnerabilities. Our vCISOs will ensure your optimal cybersecurity strategy and adequate posture.
Involve everyone in cybersecurity
The best way to be more proactive when it comes to security in your organization is to make it part of your corporate culture. There are many different approaches to how you can promote security in everything you do.
It could be as simple as organizing regular meetings between your security teams and other departments. You can make use of security training and awareness courses to update the knowledge and capability of all your stakeholders to identify and respond to security threats. However, this shouldn’t be seen as a once-off solution as training needs to be regularly updated to stay effective.
For example, the Phish Scale is a paradigm developed to help organizations train employees to spot and deal with phishing attempts – one of the leading initial attack vectors today.
It’s also possible to involve employees in red/blue teaming exercises to analyze and improve your security procedures.
Keep tabs on security advisories and regularly update/patch software
We tend to get complacent in the belief that the proprietary hardware and software tools and systems we use are secure. It may also seem reasonable to believe that older software must’ve gone through enough patches and updates to have sealed up all potential exploits.
This is simply not the case.
From Siemens PLCs to Chrome to Microsoft Exchange, exploits are still being discovered by the day. Sometimes OEMs and customers are lucky in that these flaws are first reported to the companies to be patched before being made public.
Other times, they are made public knowledge before there is time to address the underlying issues. In this case, you’ll need to adopt a more proactive posture to monitor the possibly affected systems and implement any workarounds or countermeasures that are available.
Leverage ethical hacking and penetration testing
Ethical hacking is exactly what it sounds like. In short, it’s an authorized attempt to gain unauthorized access to a target system. Ethical hacking may be commissioned or un-commissioned, in the form of 0-day exploits reported by responsible hackers or through public bug bounty programs.
Ethical hacking has evolved into a whole industry of its own. Entire websites, like HackerOne, are dedicated to providing ethical hackers with legitimate channels to carry out their work for compensation in responsible ways.
Even corporate giants like Microsoft, Google, and Verizon Media have benefitted from this practice.
Ethical hacking is so effective because it leverages the crowdsourcing approach to finding potential weaknesses or exploits in your systems. It’s a great way to expand your limited security resources and get out-of-the-box perspectives on your security system.
More organized ethical hacking practices like red/blue teaming are also effective ways to test your systems as well as the response of your security teams.
Proactive monitoring and threat hunting
There is often some confusion about the difference between threat detection and threat hunting. Threat detection is a more passive/reactive approach, relying on security solutions such as malware scans to detect a malware infection. Threat hunting is actively searching for a threat in your network, even if you don’t have any evidence an incident has occurred.
You may conduct a threat hunting search by analyzing event logs, network traffic, endpoints, or other data sets. The goal is to catch malware or malicious activities in the act and respond appropriately.
Threat hunting should be used as a way to support your threat detection systems. Security analysts may be able to pick up suspicious behavior that manages to fool security software. Resources like the MITRE ATT&CK framework can be useful for threat hunting.
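As an added illustration (not code from the original article), the sketch below runs one common hunt over endpoint process-creation logs: it counts how many hosts each parent/child process pair appears on and surfaces the pairs seen on almost none of them, with no alert as a starting point. The event tuples, host names and the max_hosts threshold are constructed assumptions for the example.

```python
from collections import Counter, defaultdict

# Constructed sample telemetry: (host, parent process, child process).
# Every workstation shares the same baseline; two events are outliers.
HOSTS = ["ws-01", "ws-02", "ws-03", "ws-04"]
BASELINE = [
    ("explorer.exe", "chrome.exe"),
    ("explorer.exe", "WINWORD.EXE"),
    ("services.exe", "svchost.exe"),
]
EVENTS = [(h, p, c) for h in HOSTS for p, c in BASELINE]
EVENTS += [
    ("ws-02", "explorer.exe", "notepad.exe"),    # rare, probably benign
    ("ws-03", "WINWORD.EXE", "powershell.exe"),  # rare, worth an analyst's time
]


def rare_parent_child(events, max_hosts=1):
    """Return parent/child pairs seen on at most max_hosts hosts, rarest first.

    This is a lead generator, not a verdict: each result still needs triage.
    """
    hosts_by_pair = defaultdict(set)
    count_by_pair = Counter()
    for host, parent, child in events:
        pair = (parent.lower(), child.lower())  # process names vary in case
        hosts_by_pair[pair].add(host)
        count_by_pair[pair] += 1

    leads = [
        {
            "parent": parent,
            "child": child,
            "hosts": sorted(hosts_by_pair[(parent, child)]),
            "events": count_by_pair[(parent, child)],
        }
        for (parent, child) in hosts_by_pair
        if len(hosts_by_pair[(parent, child)]) <= max_hosts
    ]
    return sorted(
        leads,
        key=lambda l: (len(l["hosts"]), l["events"], l["parent"], l["child"]),
    )


if __name__ == "__main__":
    for lead in rare_parent_child(EVENTS):
        print(f'{lead["parent"]} -> {lead["child"]} on {lead["hosts"]}')
```

Both outliers come back as leads; deciding that the notepad launch is noise and the document-to-shell launch deserves follow-up is the analyst judgment the section describes.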