Reactive vs. proactive security: Three benefits of a proactive cybersecurity strategy


I’ve been writing cybersecurity articles for many years, and in that time, I have only seen increasingly complex security threats. Cybercriminals take their craft seriously. They treat cybercrime as a business, looking for ways to maximize profit while seeking innovative methods to circumvent our efforts to protect our businesses.

The figures speak for themselves. A McAfee report found that the average enterprise has 14 misconfigured IaaS instances, resulting in an average of 2,269 misconfiguration incidents per month. The result of this myriad of security vulnerabilities is that in Q1 of 2020 alone, 8.4 billion data records were exposed.

An organization has a choice. Cybersecurity threats can be tackled using a “proactive security” and/or a “reactive security” approach. But what do these terms mean and is one approach better than the other?

Findings on proactive security from the CRAE Report

Proactive security was given the thumbs up in the Q2 2020 Cyber Risk Alliance, Cybersecurity Resource Allocation and Efficacy Index (CRAE) report. Researchers found that organizations with 500 or more employees in North America and Europe emphasized proactive security measures to protect assets and detect breaches, as opposed to a purely reactive security approach. What makes this report even more interesting is that the data was collated during the COVID-19 pandemic. The results demonstrate the confidence that organizations have in a proactive security approach.

It is also worth remembering that cybercriminals do not care what area a business operates in or what size a company is. Often, the smaller organization is a target simply because it will not have the resources to fight cybercrime. According to a 2019 Ponemon Institute study, 76% of US SMBs have been a target of a cyberattack. However, 88% of those SMBs spend less than 20% of their IT budget on cybersecurity. The CRAE

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow.