Most organizations take what you might call an active approach to cybersecurity, They’re prepared to do certain things once an attack happens. Or, they take a reactive approach, taking action after an attack is completed. A proactive cybersecurity strategy is about acting before any attack occurs; it’s a good cybersecurity posture of readiness.
Take a look at the policies, tools and practices that make up proactive cybersecurity measures.
Proactive Versus Reactive and Active Review
The creation and review of security tools, protocols, policies and practices are far too often a set-it-and-forget-it process. Yet the world is constantly changing. A proactive approach is to constantly review all this with an eye toward emerging threats, new tools and new ideas, updating everything frequently. The same goes for training. You should actively review the ‘curriculum’ for cybersecurity awareness and related employee training at least quarterly.
Instead of waiting for an attack, it’s best to do the hacking yourself. Certified ethical hackers can probe your defenses, hunting for vulnerabilities and defensive weaknesses. These offensive security researchers use the same methods and tools as malicious attackers. Red team/blue team exercises, penetration testing and other simulations enable your people to learn from cyberattacks without really being attacked.
Use tools that create insights into what’s happening on your networks and respond automatically. The proactive approach means that you have as many fixes as possible already locked and loaded. Intelligent software hunts 24/7 for breaches and odd behavior, ready to isolate and fix when something does happen. This is offense rather than defense.
Using the active approach, you can lock the doors when your system detects intruders. But with the proactive approach, you can lock the doors before they arrive.
Zero trust strives to verify and authorize every device, app and user attempting to access every resource.
For attackers, even if they can steal a password, they still find the doors locked because they don’t have an authorized device. This proactive locking of doors through the zero trust model is even more important while so many remote workers use home offices. They use equipment in spaces with unknown physical security and over networks of unknown quality.
A zero trust model is dynamic, calling on you to monitor, learn and adapt on an ongoing — proactive — basis.
Proactive Versus Reactive in Endpoint Monitoring
Proactive security means proactive endpoint monitoring. With the spread of internet of things devices, cloud infrastructure and remote work devices it’s more important than ever. Automate endpoint monitoring to maximize the local security of each device.
Indicators of Behavior
Active and reactive cybersecurity call for looking for indicators of compromise — the signs that indicate a breach has occurred and a cyber crime has been committed. But proactive cybersecurity looks for indicators of behavior (IoB), a collection of the actions users take.
For example, it might spot someone downloading business data to an external storage device, or uploading code to an unknown cloud service. An IoB might be a change in permissions or the switching of a person’s network on a desktop PC from the internal Wi-Fi to a mobile broadband hotspot. By collecting hundreds or thousands of these, it’s possible to construct a clearer picture of where the organization is vulnerable from a behavioral point of view. It can also make changes with minimal disruption. For example, you can get ready for a decision to disable thumb drive connectivity proactively by preparing the users who use thumb drives to find more secure options in advance. It can also isolate specific devices or endpoints to monitor closely when employee behavior puts them at risk.
Proactive Versus Reactive Is a Mindset
Proactive cybersecurity is a broad, overall approach. It involves not only specific methods and practices, but also a mindset of offensive cybersecurity.
After all, why wait until you’re attacked? Instead, you can act now and prevent the attack from ever happening.
I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...