By Guy Golan, CEO of Performanta
As the threat of cyber-attacks continues to increase exponentially, a debate has erupted over the years, leaving organizations to choose between two sides. One focuses on the time before a breach, campaigning for the defense against attacks in the first place, while the other comes after, claiming that damage mitigation is the best way to respond to threats.
But now we’ve reached a whole new level of cyber-attacks. With breaches becoming more frequent and more advanced than ever before, can businesses really choose between the two sides? Aren’t both strategies just as vital as each other?
There are huge limitations to implementing only one cybersecurity strategy, and we certainly wouldn’t rule one out in our personal lives, even to save a bit of money (we have locks on our homes to ‘prevent’ attacks and burglar alarms to ‘mitigate’ the damage).
Businesses need to allocate resources to prevent breaches, as well as having defenses in place to mitigate the damage when breaches do occur. The level of risk today means it makes financial sense to adopt both options, when just one fatal blow could bring a company to its knees.
Who are businesses up against?
Businesses are navigating a minefield when it comes to defending their networks: attack vectors keep multiplying, and adversaries grow bolder and more sophisticated over time.
As it stands, ransomware remains the biggest threat to organizations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase on the previous year. The repercussions of such an attack can be huge: the financial cost of getting systems back online; the time and money required to recover lost assets; any regulatory implications of compliance failures; and the long-term damage to business reputation from experiencing a breach.
Given the severity of the threats currently darkening our doorways, why is the debate between attack prevention and damage mitigation still ongoing?
It’s not one or the other
Cybersecurity has evolved dramatically over the years, with business networks now extending beyond the four walls of an office. It is no longer enough to rely on endpoint protection and firewalls to defend the organization.
So naturally, businesses turn to the cyber market to pick out their next solution to add to the security stack. Thanks to the exponential rise in attacks, cyber investment has skyrocketed. The DCMS Annual Cyber Sector report showed that the cyber industry contributed around £5.3 billion to the UK economy in 2021, rising by a third on the previous year.
But despite this increase in investment, attackers are still breaching their targets. And the unfortunate reality is, they will continue to do so. This is often why businesses choose to prioritize damage mitigation – if there’s no stopping them, then let’s limit what they can reach.
While that is a valid attitude, it’s unwise for organizations to neglect prevention alongside it. We need to proactively monitor for threats, not only to protect critical business assets, but also to harvest invaluable insight into criminal attack trends that feeds into future defense strategies.
Knowing where to start
Addressing your business’s cybersecurity is a daunting task, with teams often overwhelmed by incoming risks and the consequent need to evolve defenses from both a prevention and a mitigation standpoint. Here are a few key considerations to get companies started:
As we all know, compliance is an absolute must, but it does not reflect the level of security that businesses ought to be adopting. Organizations should focus on risk-based security, dedicating efforts to understanding what the business risks are, and how they translate to cyber risks.
Real-time data
Teams should work tirelessly to gain real-time insight into what their security controls look like and how they’re functioning. Without this level of knowledge, it’s impossible to paint a picture of which controls protect which parts of the network, and which parts are left defenseless. A real-life example would be a mansion with 50 doors. In order to achieve complete security, the occupants need to know the exact number of entrances, whether each door is locked, and how many of those are also alarmed. Without this data, security becomes a guessing game – and that’s a dangerous game to play.
Breaking down risk into different contextual groups is vital: by time, and by relevance to department, people or data. Businesses need to understand which risks are imminent and which are general, so that each can be quantified and matched to a defense mechanism.
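The two points above (know which controls cover which assets, then group the gaps by urgency and by department) can be made concrete with a small inventory script. The following is an added example written for this article, not code from Performanta or from the author; the asset names, departments and controls in it are constructed sample data, and the "prevent"/"detect" split mirrors the locked-door/alarm distinction: a preventive control is the lock, a detective control is the alarm.

```python
"""Control-coverage inventory: the 'mansion with 50 doors' exercise in code.

Constructed example. Assets and controls below are invented sample data,
not a description of any real environment.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    internet_facing: bool        # an 'entrance' reachable from outside
    holds_sensitive_data: bool   # a room worth breaking into
    department: str


@dataclass(frozen=True)
class Control:
    name: str
    kind: str                    # "prevent" (the lock) or "detect" (the alarm)
    covers: frozenset            # asset names this control actually applies to


# Constructed sample inventory (hypothetical names).
ASSETS = [
    Asset("vpn-gateway", True, False, "IT"),
    Asset("hr-portal", True, True, "HR"),
    Asset("build-server", False, False, "Engineering"),
    Asset("finance-db", False, True, "Finance"),
    Asset("marketing-site", True, False, "Marketing"),
]

CONTROLS = [
    Control("mfa", "prevent", frozenset({"vpn-gateway", "hr-portal"})),
    Control("waf", "prevent", frozenset({"marketing-site"})),
    Control("edr", "detect", frozenset({"vpn-gateway", "build-server", "finance-db"})),
    Control("db-audit-log", "detect", frozenset({"finance-db"})),
]


def coverage(assets, controls):
    """Map each asset to the preventive and detective controls that cover it."""
    cov = {a.name: {"prevent": set(), "detect": set()} for a in assets}
    for c in controls:
        for name in c.covers:
            if name in cov:          # ignore controls pointing at unknown assets
                cov[name][c.kind].add(c.name)
    return cov


def gaps(assets, controls):
    """Doors with no lock (no preventive control) and no alarm (no detective control)."""
    cov = coverage(assets, controls)
    unlocked = sorted(a.name for a in assets if not cov[a.name]["prevent"])
    unalarmed = sorted(a.name for a in assets if not cov[a.name]["detect"])
    return unlocked, unalarmed


def prioritise(assets, controls):
    """Split assets with any gap into 'imminent' (exposed or sensitive) and 'general'."""
    unlocked, unalarmed = gaps(assets, controls)
    gap_set = set(unlocked) | set(unalarmed)
    buckets = {"imminent": [], "general": []}
    for a in assets:
        if a.name not in gap_set:
            continue
        key = "imminent" if (a.internet_facing or a.holds_sensitive_data) else "general"
        buckets[key].append(a.name)
    return {k: sorted(v) for k, v in buckets.items()}


def by_department(assets, controls):
    """Group assets with any gap by the department that owns them."""
    unlocked, unalarmed = gaps(assets, controls)
    gap_set = set(unlocked) | set(unalarmed)
    grouped = defaultdict(list)
    for a in assets:
        if a.name in gap_set:
            grouped[a.department].append(a.name)
    return {d: sorted(names) for d, names in grouped.items()}


if __name__ == "__main__":
    unlocked, unalarmed = gaps(ASSETS, CONTROLS)
    print("No preventive control (unlocked):", unlocked)
    print("No detective control (unalarmed):", unalarmed)
    print("By urgency:", prioritise(ASSETS, CONTROLS))
    print("By department:", by_department(ASSETS, CONTROLS))
```

In a real deployment the `ASSETS` and `CONTROLS` lists would be fed from the asset inventory and the control platforms themselves, refreshed continuously rather than typed in, which is what turns this from a one-off audit into the real-time view the section calls for.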
An open culture
And finally, organizations should promote a culture of regular sessions between the CISO and their team, using real-time data to take action against each risk. While we understand this is a tall order for organizations, especially given the extraordinary pressures already on their shoulders, it’s becoming more and more essential. As technology advances, we need to evolve our strategies to get the most out of our systems. We need a unified culture and real-time data to lower the risk and reduce the impact – tackling both ends of cybersecurity.
A dual security system
The pressure to adopt both strategies has never been so high. From state-sponsored attacks following Russia’s latest activity, to Ransomware-as-a-Service redefining the threat landscape, the avenues used by attackers grow in number and severity.
In a constantly evolving environment, there is no simple answer to the very best cybersecurity strategy. All businesses can do is try to keep ahead of the curve, improve their security posture and protect their network through prevention and mitigation.
Above all, the most important aspect of a cyber strategy is mindset. Ensuring you have complete oversight of your system, remaining proactive in your approach and eliminating complacency are some of the most important elements to any cybersecurity strategy.