When it comes to cybersecurity, IT has long been tasked with building response and recovery capabilities with the objective being to react to a security incident as quickly as possible and then restore business functions quickly and with as little damage as possible. The need for these activities is certainly not going away. But the strongest approach is to take proactive steps to reduce the risk in the first place.
On the proactive side, you’re trying to predict what kind of attack can occur in your environment and find your vulnerabilities before others do – with the goal being to reduce your risk before it materializes. A proactive strategy can do more to ensure organizational resiliency than simply being prepared to respond once an attack or breach has been detected.
The goal should be to reduce cyber risks and then further to prevent them from being exploited. A proactive approach to securing your technology is always the best strategy. So, what do organizations that have embraced a proactive strategy look like? Here’s what they commonly do:
1. They understand what they have, what they must protect, and what they’re protecting against
To build a proactive cybersecurity stance, first you need to understand what you have, know what requires the highest levels of protection, and recognize the risks the organization is willing to accept. This helps identify the threats which pose the biggest risks and therefore require the most attention. A proactive cyber team understands their organization’s risk profile and can identify risks that the organization hasn't faced yet. This is a key component of being able to prevent attacks from occurring - because they understand what needs to be protected and can think through all the ways it's vulnerable.
Security is a never-ending activity, and “continuous identification” should be too. Know what you are defending and why. Understand all the associated risks, and keep reassessing them. Be the expert on your attack surface and know it well. And keep in mind - it will change and grow over time.
2. They have strong user authentication policies and a zero-trust approach
Proactive security teams not only have a good understanding of their IT environments and their organization’s risk profile; through strong user authentication policies, they also have a rock-solid understanding of who and what is accessing their network and each of their systems. Policies such as multifactor authentication help ensure that only authorized users get into the enterprise IT environment and work to keep all others out.
We’re seeing more and more strong authentication requirements being implemented as part of the move to a “zero trust” strategy. This is where all users – whether humans or devices – must verify they’re who they say they are before gaining access. Zero trust goes even further: it also restricts authenticated users’ access to only those systems and data they need to do their jobs. Following the principle of least privilege is one more way for security to move its focus away from responding to incidents to proactively preventing them.
3. They’re agile and adaptive
Another key to getting ahead of hackers is the ability to pivot as quickly as the bad actors, if not more quickly. The more successful organizations have adopted “attack-centric thinking,” where you avoid a static check-box approach, continuously evolve your tactics, and think like an attacker. A solid proactive defense capability is flexible and often shifts to meet the constantly evolving threats.
4. They’re plotting for the future
Similarly, proactive teams are always aware of emerging tools, techniques, and regulations. Moreover, they incorporate them into their strategies and their security programs before they become mainstream or mandatory. Part of this strategy is to look at what’s changing in their own enterprise environments or in the broader market, an approach that lets them ready their security team in advance of those changes. Proactive security functions are thinking about all this now and then putting together a roadmap for three to five years out. There’s significant value in “looking ahead and knowing the future.”
5. They’re watching for impersonators
Proactive security also means looking for any misuse of the organization’s domain names, company logos, and other identifiers. Security teams typically use SaaS-based tools or work with a managed security service provider for domain name monitoring that searches for spoofing and other forms of brand impersonation. This monitoring can alert security teams early to hackers trying to use spoofed websites, hijacked corporate logos, and other forms of impersonation for phishing and other types of socially engineered attacks, giving security teams time to counteract or even completely shut down those attack attempts before they become full-scale assaults or have any level of success.
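One way such domain name monitoring can flag lookalikes, shown as an added example that is not from the original article or from any particular product: it compares a feed of newly observed domain names against a brand name. The brand `examplecorp`, the owned-domain list and the sample feed are constructed placeholders, and the registrable name is taken as the second-to-last label, which assumes single-label TLDs.

```python
# Added example: BRAND, OWNED and SAMPLE_FEED are constructed placeholders.
BRAND = "examplecorp"
OWNED = {"examplecorp.com"}
# Common visual substitutions, folded back to the character they imitate.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def label(domain):
    """Second-to-last label; assumes single-label TLDs (real use: Public Suffix List)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def fold(text):
    """Undo the visual substitutions listed in HOMOGLYPHS."""
    for fake, real in HOMOGLYPHS:
        text = text.replace(fake, real)
    return text

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row in memory."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND, owned=OWNED, max_distance=2):
    """Return the reason a domain resembles the brand, or None if it does not."""
    domain = domain.lower().rstrip(".")
    if domain in owned:
        return None  # our own registrations are not impersonation
    name = label(domain)
    if name == brand:
        return "same name, different TLD"
    if fold(name) == fold(brand):
        return "homoglyph substitution"
    if fold(brand) in fold(name):
        return "brand embedded in longer name"
    if edit_distance(name, brand) <= max_distance:
        return "near-miss spelling"
    return None

SAMPLE_FEED = ["examplecorp.com", "examplecorp.co", "examp1ecorp.com", "exarnplecorp.com",
               "examplecorp-login.net", "examplecrop.com", "weather-report.org"]

def scan(feed):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: reason for d in feed if (reason := classify(d))}

if __name__ == "__main__":
    print(scan(SAMPLE_FEED))
```

The distance threshold trades missed lookalikes against false alarms, so short brand names usually need a lower `max_distance` than long ones.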
6. They hunt for threats
Bad actors frequently try to obfuscate their activities as they try to make their way through corporate networks and systems in search of a big payoff. (IBM’s 2022 Cost of a Data Breach Report, for example, found that organizations took an average of 207 days to identify a breach.)
That delayed identification has been a longstanding issue, one that puts security into a reactive mode. To counter that, IT is increasingly turning to threat hunting to find any bad actors lurking in their environment before a breach or other attack occurs.
Threat hunting pays off. According to the SANS 2022 Threat Hunting Survey, 85% of respondents said threat hunting has improved the security posture of their organization. Meanwhile, experts say the use of machine learning and artificial intelligence should boost such figures even higher by helping enterprise security teams find threats even more quickly.
7. They hunt for vulnerabilities
A strong vulnerability management program that identifies which known vulnerabilities exist within an organization and prioritizes patching those that present the highest risk is an important mark of a good security strategy.
IT teams who want to be proactive should go one step further and add vulnerability hunting to their programs. Vulnerability management programs have traditionally focused on addressing known problems, whereas vulnerability hunting challenges IT to uncover unknown ones – such as insecure software code or misconfigurations that are unique to their own IT environments.
8. They practice their response
It may seem counterintuitive, but proactive security teams also regularly practice how they’ll respond and react in the event of a successful attack. This practice (typically in the form of running table-top drills) lets organizations get ahead in a few ways. Because drills imagine and articulate how attacks could happen, they help security teams identify the vulnerabilities in their existing security programs. They can then work to close those gaps and, hopefully, prevent their imagined scenarios from happening.
The drills also help identify deficiencies in response plans, which allows management to close those gaps as well. These drills also build muscle memory, meaning the organization can move more quickly, efficiently and effectively when a true event does occur so they can minimize the damage and get back to normal sooner.
The goal of a strong cybersecurity strategy is to reduce cyber risks and then further to prevent them from being exploited. And a proactive approach to securing your technology (as detailed above) is always the best strategy.
What do you think? Has this info been helpful? Are there any ways that we can help you to more proactively secure your environment? Please let us know in the Comments box below or shoot me an email if you’d like to discuss this in more detail.