
Proactive vs. Reactive Approaches to Cyberattack

Companies around the world continue to be plagued by cyberattacks, whether from cyberterrorists, hostile nation-states, sophisticated criminal networks, or hacktivists. Over time these attacks have evolved to the point where security measures that worked in the past are no longer effective.

A typical scenario goes something like this. An attacker finds a security vulnerability and exploits it. The network security engineers patch the flaw and (sometimes) share the details so others can do the same. The attackers then find another hole to exploit, the defenders patch it, and the game goes on. Occasionally, security researchers find a vulnerability before attackers do, and that avenue of attack is closed.

The Reactive Approach
The traditional approach was to react to a threat, respond to it, and recover from it. As attacks become increasingly sophisticated, this approach on its own is becoming outmoded, and data breaches, identity theft, and stolen data continue to be problems.

According to a security report released in 2014:

  • The number of successful cyberattacks rose by 144%.
  • The expense of handling a data breach increased by 96%.
  • The time it takes to get up and running again after an attack increased by 221%.

One need only look at the recent Distributed Denial of Service (DDoS) attack that crippled parts of the internet to understand that, by itself, the reactive approach is largely ineffective.

Reactive methods include:

  • Disaster recovery plans
  • Private investigation services
  • Loss recovery specialists
  • Reinstalling operating systems and applications on compromised systems
  • Hardware redundancy in other locations

These reactive capabilities need to be ready in the event of an attack, but a proactive approach is an increasingly necessary adjunct to them.

The Proactive Approach
The current trend is toward acting before an attack rather than merely reacting to one: anticipating the attack and taking steps to prevent it. Proactive security requires an approach that incorporates human and physical security as well as IT security to safeguard data, because many breaches are caused by human weaknesses and failure to follow good security policies.

Making things worse is the trend of allowing employees to bring their own devices into the workplace, which puts hardware the organization does not control inside its perimeter.

Threats from inside the perimeter include:

  • Social engineering
  • Subversion
  • Targeted intrusion
  • Infiltration

Most companies find that solving the human and physical problems requires management and cultural changes they are not willing to make, because rigid security policies need a rigorous awareness program to support them. That resistance has led organizations to put more resources into proactive technical systems instead, in search of an easier solution.

Why Static Security Fails
Static security measures deployed as “proactive security” are doomed to fail, because in most cases they underestimate the opponent. A fixed rule or signature is easily bypassed by attackers with more knowledge and more “firepower” than the corporate security team, which is then unable to anticipate attacks or to detect them in time to stop them. Many IT security professionals lack the tools needed to track Advanced Evasion Techniques (AETs), and are unable to convince upper management of the need to acquire them.

From Security to Defense
Today, deploying a basic monitoring system is insufficient. Moving from a security model to a defense model recognizes the need to detect and respond to attacks in real time, with a response matched to the attacker’s objective and attack method. This matters more as businesses discover that attacks can last for days, weeks, or even months. In some cases the goal is not a one-time break-in but a sustained process of stealing information that can go on for years.

Incorporating automation into cybersecurity incident response raises the level of protection. Because the tooling does most of the routine work, protection is available round the clock, at a consistency a human staff alone cannot sustain.
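As an added illustration (not part of the original article) of the two points above, that a static rule fails against a patient attacker and that an automated response should be matched to the attack method, the Python below runs two detectors over a constructed outbound-transfer log: a static per-event size threshold, and a stateful sliding-window detector that sums bytes per host and destination over the last 24 hours. The log format, hostnames, addresses, size limits and playbook actions are all assumptions made for this example and do not come from any real product or incident.

```python
"""Stateful exfiltration detection vs. a static per-event threshold.

Added example for this article. The log format, hosts, addresses, limits
and playbook actions are constructed for illustration only.
"""
from collections import defaultdict, deque

MB = 1024 * 1024

# Static rule: alert on any single outbound transfer above this size.
STATIC_LIMIT = 50 * MB
# Stateful rule: alert when one host sends more than CUMULATIVE_LIMIT to one
# external destination within WINDOW_SECONDS, however small each transfer is.
WINDOW_SECONDS = 24 * 3600
CUMULATIVE_LIMIT = 100 * MB

# Assumed playbook: the response depends on the attack method, not just on
# the fact that an alert fired.
PLAYBOOK = {
    "bulk": "isolate host from the network and preserve a disk image",
    "low_and_slow": "block destination at egress and build a forensic timeline for the host",
}


def build_sample_log():
    """Constructed log, one event per line: '<epoch> <host> <dest_ip> <bytes_out>'.

    ws-03 makes one 60 MB smash-and-grab transfer; ws-17 trickles 5 MB every
    hour for 30 hours to the same address (low and slow); ws-08 is ordinary
    traffic that must not alert.
    """
    t0 = 1700000000
    lines = []
    for h in range(30):
        lines.append(f"{t0 + h * 3600} ws-17 203.0.113.5 {5 * MB}")
        lines.append(f"{t0 + h * 3600 + 120} ws-08 198.51.100.9 {200 * 1024}")
    lines.append(f"{t0 + 10 * 3600} ws-03 203.0.113.77 {60 * MB}")
    lines.sort(key=lambda line: int(line.split()[0]))  # stable, like a live feed
    return lines


def parse(line):
    ts, host, dest, nbytes = line.split()
    return int(ts), host, dest, int(nbytes)


def static_detector(lines):
    """One-shot rule: fires only on a single oversized transfer."""
    alerts = []
    for line in lines:
        _, host, dest, nbytes = parse(line)
        if nbytes > STATIC_LIMIT:
            alerts.append({"host": host, "dest": dest, "method": "bulk", "bytes": nbytes})
    return alerts


def windowed_detector(lines):
    """Sliding-window rule: keeps per-(host, dest) state across events.

    Each pair holds a deque of (timestamp, bytes); entries older than the
    window are evicted as new events arrive, so memory stays bounded and the
    running total always reflects the last WINDOW_SECONDS. Lines are assumed
    to arrive in time order. Each pair alerts at most once.
    """
    history = defaultdict(deque)
    totals = defaultdict(int)
    alerted = set()
    alerts = []
    for line in lines:
        ts, host, dest, nbytes = parse(line)
        key = (host, dest)
        history[key].append((ts, nbytes))
        totals[key] += nbytes
        while history[key] and ts - history[key][0][0] > WINDOW_SECONDS:
            _, old = history[key].popleft()
            totals[key] -= old
        if key in alerted:
            continue
        if nbytes > STATIC_LIMIT:
            method = "bulk"          # same case the static rule catches
        elif totals[key] > CUMULATIVE_LIMIT:
            method = "low_and_slow"  # invisible to the static rule
        else:
            continue
        alerted.add(key)
        alerts.append({"host": host, "dest": dest, "method": method, "bytes": totals[key]})
    return alerts


def respond(alerts):
    """Map each alert to the playbook action for its method."""
    return [(a["host"], a["method"], PLAYBOOK[a["method"]]) for a in alerts]


def run():
    log = build_sample_log()
    return {"static": static_detector(log), "windowed": windowed_detector(log)}


if __name__ == "__main__":
    for name, alerts in run().items():
        print(name)
        for host, method, action in respond(alerts):
            print(f"  {host}: {method} -> {action}")
```

On this input the static rule reports only ws-03; the windowed detector reports ws-03 as well, and additionally flags ws-17 after its 21st hourly transfer, when the 24-hour total passes 100 MB. In a real deployment the window, limits and the list of "external" destinations would come from a baseline of the organization's own traffic, and the playbook actions would be calls into the network and endpoint tooling rather than strings.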

Putting It All Together
Reactive and proactive security methods aren’t mutually exclusive. Organizations need to plan to respond to successful intrusions, whether from worms and viruses, DDoS attacks, social engineering, or disgruntled employees with insider knowledge of the network. Every business needs to decide the appropriate mix of resources to devote to proactive measures designed to deter attacks and reactive measures geared toward responding to them.

New methodologies, including predictive threat intelligence and predictive analysis of past breaches, will require new personnel capabilities. At the very least, they will require partnerships between cybersecurity professionals and analytics experts.