Light Dark
October 20, 2021 By Mike Elgan 3 min read
Data Protection
Fraud Protection
Risk Management
Security Services

Most organizations take what you might call an active approach to cybersecurity, They’re prepared to do certain things once an attack happens. Or, they take a reactive approach, taking action after an attack is completed. A proactive cybersecurity strategy is about acting before any attack occurs; it’s a good cybersecurity posture of readiness.

Take a look at the policies, tools and practices that make up proactive cybersecurity measures.

Proactive Versus Reactive and Active Review

The creation and review of security tools, protocols, policies and practices are far too often a set-it-and-forget-it process. Yet the world is constantly changing. A proactive approach is to constantly review all this with an eye toward emerging threats, new tools and new ideas, updating everything frequently. The same goes for training. You should actively review the ‘curriculum’ for cybersecurity awareness and related employee training at least quarterly.

Ethical Hacking

Instead of waiting for an attack, it’s best to do the hacking yourself. Certified ethical hackers can probe your defenses, hunting for vulnerabilities and defensive weaknesses. These offensive security researchers use the same methods and tools as malicious attackers. Red team/blue team exercises, penetration testing and other simulations enable your people to learn from cyberattacks without really being attacked.

Automate Intelligence

Use tools that create insights into what’s happening on your networks and respond automatically. The proactive approach means that you have as many fixes as possible already locked and loaded. Intelligent software hunts 24/7 for breaches and odd behavior, ready to isolate and fix when something does happen. This is offense rather than defense.

Zero Trust

Using the active approach, you can lock the doors when your system detects intruders. But with the proactive approach, you can lock the doors before they arrive.

Zero trust strives to verify and authorize every device, app and user attempting to access every resource.

For attackers, even if they can steal a password, they still find the doors locked because they don’t have an authorized device. This proactive locking of doors through the zero trust model is even more important while so many remote workers use home offices. They use equipment in spaces with unknown physical security and over networks of unknown quality.

A zero trust model is dynamic, calling on you to monitor, learn and adapt on an ongoing — proactive — basis.

Proactive Versus Reactive in Endpoint Monitoring

Proactive security means proactive endpoint monitoring. With the spread of internet of things devices, cloud infrastructure and remote work devices it’s more important than ever. Automate endpoint monitoring to maximize the local security of each device.

Indicators of Behavior

Active and reactive cybersecurity call for looking for indicators of compromise — the signs that indicate a breach has occurred and a cyber crime has been committed. But proactive cybersecurity looks for indicators of behavior (IoB), a collection of the actions users take.

For example, it might spot someone downloading business data to an external storage device, or uploading code to an unknown cloud service. An IoB might be a change in permissions or the switching of a person’s network on a desktop PC from the internal Wi-Fi to a mobile broadband hotspot. By collecting hundreds or thousands of these, it’s possible to construct a clearer picture of where the organization is vulnerable from a behavioral point of view. It can also make changes with minimal disruption. For example, you can get ready for a decision to disable thumb drive connectivity proactively by preparing the users who use thumb drives to find more secure options in advance. It can also isolate specific devices or endpoints to monitor closely when employee behavior puts them at risk.

Proactive Versus Reactive Is a Mindset

Proactive cybersecurity is a broad, overall approach. It involves not only specific methods and practices, but also a mindset of offensive cybersecurity.

After all, why wait until you’re attacked? Instead, you can act now and prevent the attack from ever happening.

 |  |  |  | 
Mike Elgan

More from Data Protection
March 27, 2024

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

March 12, 2024

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature