Thought leaders preach proactive solutions to business adversity. But when it comes to cybersecurity, too many decision-makers find themselves well behind the data protection curve. This disconnect may be the result of common misconceptions about which businesses hackers target or merely a lack of data security investment. For whatever reason an organization finds itself lagging behind, a deeper understanding of the difference between proactive and reactive cybersecurity may help industry leaders make informed decisions.
Reactive Cybersecurity Looks Like An Episode of CSI
For those who enjoy a good Crime Scene Investigation series, that’s how exciting cybersecurity can get. That’s largely because businesses are left piecing together the pieces of a crime after they’ve been robbed.
“The reactive approach is when the Threat Actor has already attacked, and there are hopes that it wasn’t successful,” Carl Fransen of CTECH Consulting Group reportedly said. “A reactive approach would have a security analyst or tech look at logs of events that have already happened and then apply the security changes. If you are reacting to a breach, that usually means it is too late.”
A satisfying binge-watching crime investigation series usually leads through a few twists and turns. But, ultimately, the culprit is brought to justice, and the victim gains closure. Rarely does a cyber-attack result in either. Hackers routinely penetrate business networks from halfway around the globe. They plug away on laptops in coffee shops and basements well out of the reach of law enforcement’s reach. Even if the perpetrator can be identified, the possibility of an arrest is almost zero.
Proactive Pros Far Outweigh Reactive Cons
Cybersecurity experts widely agree that reliance on the reactive approach tends to be incredibly flawed. When asked to create a comparative short-list, Nick McCourt of Tier One Technology Partners crafted the following bullet points.
Proactive:
- Proactive approach allows for a decrease in threat count.
- Value can be shown in the tracking of threats being stopped as well as building and maintaining numbers to compare to prior infrastructure defense.
- The average email breach costs around $2,000 just to close and report the breach per account. In an organization of 35 employees, that’s $70,000 if they were all hit. However, a project enabling MFA could cost around $5,000 one time for an organization that size.
Reactive:
- Client is always behind in setting up a defense, so the cost of doing business is higher.
- There is usually a lack of tracking, so mitigation of a breach is harder to do.
- Attackers prefer to angle for low-hanging fruit.
- Reactive is “after the attack happened.” There is already an extra cost to the business.
McCourt, a cybersecurity engineer, appears to agree with the technology industry consensus that proactive measures are far more likely to avert a data breach. That also means proactive strategies are far more likely to harden an outfit’s defenses against nefarious digital schemes.
Reactive Cybersecurity Cannot Keep Pace Emerging Threats
It’s essential to recognize that digital thieves have evolved their criminal toolkits to keep pace with technological and cybersecurity advancements. In many ways, cybersecurity professionals are embroiled in a battle to fortify businesses against endless hacker assaults.
Proactive measures are akin to building a rampart that deters invasion. The reactive approach would be like trying to repel an invading force already inside a military compound. BoomTech business development executive Neil Rosenblum highlights the fact that fast-emerging threats have rendered reactive policies ineffective.
“In today’s world, with an estimate of 1 million new malware being released daily, you must be proactive to adequately protect yourself. Cybercriminals are much more sophisticated today using software and phishing emails to gain access to unsuspecting companies,” Rosenblum reportedly said. “The only solution is what we call Security 2.0. This means you must Protect your systems (97 percent of breaches could be prevented with today’s technology); Detect intrusions as soon as possible (most go as long as 200 days before detection), and Respond immediately.”
Cybersecurity leaders generally agree that while proactive strategies outpace reactive approaches, no organization will ever be completely immune from a potential breach. Hackers work relentlessly to adapt and overcome to business defenses.
That’s why industry decisive industry leadership calls for enhancing proactive measures while also developing a determined response. Reactive measures may include scenario planning, and disaster recovery, among others. The conventional wisdom is that a thought leader has reactive strategies in place only as a last resort.
