Has Cybersecurity Become Too Reactive in this Day and Age?

Cybersecurity today has become far too reactive. The constant innovation of hackers has meant that defenses are made up of a patchwork of web application firewalls, end-point protection, data-loss protection, and more. This can lead to a combination of end-point protections that don’t function well as a whole.

John Davis, CSO of Palo Alto Networks’ federal division, suggested that too many firms have given in to the hackers by resigning themselves to this reactionary approach. They accept that the hackers will access their network and therefore focus their time and resources on minimizing the damage. “Some of our industry has given up on the ability to prevent and is focused primarily on detection and response, which means, with a mindset like that, it means you’re always involved in cleaning up aisle nine, as some people like to say.”

Instead, he urges companies to adopt a more forward-thinking approach, an enterprise-wide culture that starts from the top. “Look at the headlines—breach after breach after breach. And so, these issues today are becoming CEO and boardroom issues. They are not dealt with strictly in the environment of the IT world.”

A recent Economist Intelligence Unit (EIU) survey (sponsored by VMware) found that nearly half of C-suite respondents felt that cybersecurity measures were a hindrance to critical functions, delayed product launches, and stifled innovation. Given that average costs for each lost or stolen record containing sensitive and confidential data hit $158 this year, it seems counterintuitive to adopt a reactionary security policy that drains time, money, and resources.

Jim Payne at Ring Central argues that this culture leads management to become apathetic and resentful of cybersecurity spending, fuelling a reactive culture rather than a proactive one. By allocating your cybersecurity budget to plan ahead, you allow IT executives to prioritize against the greatest threats and deploy next-generation defenses before potential breaches are exposed.

“Effective planning and prioritization also gives IT a fighting chance of deploying flexible, adaptive solutions versus asking management to allocate budget for cybersecurity that will be outmoded by the time it is deployed,” says Payne.

Another study performed by the EIU found that a proactive, enterprise-wide cybersecurity strategy could reduce the growth of cyber attacks and breaches by 53% over comparable firms.

Board engagement is key to this strategy succeeding: only the C-suite has the influence and resources to effect a truly efficient and effective transformation of cybersecurity policy. Jeffrey Ritter, author of Achieving Digital Trust, states that, “Boards become actively involved in security when they realize that security drives revenues and customer loyalty… If partners or customers are not confident about how secure your business is, they will decide to not do business with you.”

As well as changing policy from within, there are measures that can be taken to find bugs that you miss, such as “bug bounty” programs—offering rewards to ethical hackers for discovering flaws before they can be taken advantage of.

This isn’t a change that can be made overnight. It takes time and effort to develop good security governance across an entire organization. However, with a forward-thinking and education-driven security policy, you can expect to see significant savings and a reduction in cybersecurity breaches. It is critical that this culture is adopted and driven from the top down, or the reactive and unreliable approach may start to creep back in.

Sponsored series courtesy of Ring Central 

By Josh Hamilton
