Technological and computer development accelerates every year, forcing companies and organizations to constantly update themselves to respond to the rapid changes in the environment. Although advances translate into new opportunities, they are also accompanied by unknown risks that may affect the integrity of our data and services and those of our collaborators.
Faced with this situation, there are two complementary protection approaches in cybersecurity, and understanding them will help us define a more robust defence strategy to better protect our business: reactive security and proactive security.
What is reactive security?
Reactive security refers to measures that try to improve our defences against common cyberattacks and to identify defences that have already been breached. These measures are considered an essential element of system security.
Why is it essential? To understand it, let’s take an example from our business strategy. Suppose our business is dedicated to electronic commerce, and we receive a complaint about a delay in the shipment of one of our products. In this case, in addition to trying to resolve the incident, we will analyze what caused the delay: whether it is due to the preparation and shipment of the package to the transport company…
Returning to the security of our business, our website could be the target of an attack that disables it. In such a case, we would try to resolve the incident as soon as possible, but we would also investigate its origin (whether there have been breaches in the security systems, whether our credentials have been stolen and how, etc.) in order to apply corrective measures. This set of actions is part of vulnerability analysis.
Faced with this situation, we can establish a series of techniques under this reactive approach:
Updating all systems: First of all, it is essential to keep our systems updated, especially defence tools such as antivirus and firewall, since they can not only detect an attack but also prevent it.
Contingency and business continuity policy: If these measures fail and an incident occurs, it will be necessary to manage the situation, so it will be essential to have a contingency and business continuity policy. This must include all actions to recover from or lessen the consequences of an incident, be it physical or cyber. In addition, it will help us avoid making decisions that could harm us in a critical situation.
Reactive security may not immediately detect possible threats, and may never identify the least visible threats to the company’s information systems.
In any case, the effects could be severe depending on the nature of the incident, even when the above security measures have been applied. For this reason, staying ahead of cyber threats and knowing the possible targets of cybercriminals in our organization will constitute our best defence strategy.
What is proactive security?
Unlike reactive security, this approach focuses on preventing incidents, that is, on identifying risks or vulnerabilities present in the system before they are exploited for unlawful purposes or cause an involuntary data leak. Below are the leading techniques and strategies of proactive security:
Ethical hacking or pen-testing: One way to identify risks is to attack our own company. In other words, we carry out a controlled attack that allows us to detect security breaches in our systems and thus anticipate intrusion attempts by cybercriminals. These types of actions are called ethical hacking. Until now, only large public and private corporations had access to these services. However, with the increase in cyber attacks on SMEs, bringing in this role, either through outsourcing or as internal company personnel, is recommended.
Zero Trust security model: Zero Trust models require the user to undergo a verification process each time they access the company’s services. This means that a system based on Zero Trust “distrusts” any user, which allows us to anticipate any malicious intrusion attempt into our system.
Data Loss Prevention: Along the same lines, establishing Data Loss Prevention (DLP) will allow us to identify sensitive company information and monitor its transfer. Thanks to this set of tools and processes, a series of rules can be established to prevent data leakage, for example by blocking an email from being sent. In addition, notification rules can be configured to notify users of the risky actions they carry out.
Protection of endpoints: Endpoint protection is a technique widely used today to improve the proactive security of companies, especially since cyberattacks received through devices that connect to information systems from outside the company’s network are increasingly frequent. Because these devices have less protection, they are at greater risk of suffering a cyber attack. Given that the teleworking trend is here to stay, companies need more visibility, monitoring and control of their information outside the company’s security perimeter, with particular emphasis on tools that guarantee control of the organization’s most sensitive data when it is accessed from devices outside the company network.
Cyber intelligence: The challenges organisations face when protecting their information systems are both known and unknown. Therefore, the use of intelligence provides a valuable security layer. For years, open-source intelligence (OSINT) has been used to obtain helpful information for the company, not only in cybersecurity but also for other departments such as marketing and sales…
Threat hunting: There are different models to search for threats in the company network through automated tools or manual models. Some companies include artificial intelligence to improve their capabilities in automatic threat detection.
Awareness and training in cybersecurity: A no less critical measure, and one within our reach, is a culture of cybersecurity. The European Union Agency for Cybersecurity (ENISA) has recently published “Awareness raising in a box”, a package to implement cybersecurity awareness measures in companies.
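The Data Loss Prevention rules described in the list above (one rule that blocks an email, another that only notifies the user) can be sketched as follows. This is an added Python example, not part of the original article; the rule names, the internal domain example.com and the sample messages in the comments are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so random 16-digit references are not flagged as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

@dataclass
class Rule:
    name: str                               # hypothetical rule name
    pattern: re.Pattern
    action: str                             # "block" or "notify"
    validate: Optional[Callable[[str], bool]] = None

RULES = [
    # Sensitive data: 16-digit card numbers that also pass the Luhn check.
    Rule("payment-card", re.compile(r"\b(?:\d[ -]?){15}\d\b"), "block",
         validate=lambda m: luhn_ok(re.sub(r"\D", "", m))),
    # Labelled documents: warn the sender instead of stopping the message.
    Rule("confidential-label", re.compile(r"\bCONFIDENTIAL\b", re.I), "notify"),
]

def evaluate(recipients, body):
    """Return (decision, matched rule names) for one outbound email."""
    external = any(not r.lower().endswith("@" + INTERNAL_DOMAIN) for r in recipients)
    if not external:                        # rules only monitor transfers leaving the company
        return "allow", []
    hits = [rule for rule in RULES
            if any(rule.validate is None or rule.validate(m.group())
                   for m in rule.pattern.finditer(body))]
    if any(r.action == "block" for r in hits):
        decision = "block"                  # the strictest matching action wins
    elif hits:
        decision = "notify"
    else:
        decision = "allow"
    return decision, [r.name for r in hits]

# Constructed sample: a well-known test card number sent to an external address.
# evaluate(["bob@partner.example"], "Card: 4111 1111 1111 1111")
```
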
By applying these measures, we will promote the proactive security of our information systems, generating cost and time savings for the company by identifying threats and vulnerabilities in the company’s information systems.
Developing cybersecurity awareness and culture could prevent a significant part of security incidents. Publicizing the risks to which we are exposed at work and promoting good practices can increase the involvement of the members of the organization, who constitute the first line of defence.