Today almost everyone is well aware of cyber security. But for the sake of those who still know nothing about it, let me explain what cyber security is.
Cyber security is the group of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
Ensuring cybersecurity requires coordinated efforts throughout an information system. Elements of cybersecurity include:
- Information security
- Network security
- Application security
- Business continuity planning
- Disaster recovery
- Operational security
- End-user education
One of the most problematic elements of cybersecurity is that it has become more reactive because security risks evolve quickly and constantly. The traditional approach has been to concentrate on the most crucial system components and protect against the biggest known threats. However, this approach left some less important system components defenseless and some less dangerous risks unaddressed. The constant evolution of hackers has revealed that defenses are made up of a patchwork of web application firewalls, end-point protection, data-loss protection and more. This can lead to a combination of end-point protections that don’t function well as a whole. Such an approach is insufficient in the current cyber scenario.
John Davis, CSO of Palo Alto Networks’ federal division, argues that many firms have opened the gates for hackers by restricting themselves to a reactive approach. They assume that hackers will attack their networks and therefore focus their valuable resources on minimizing the damage. “Some of our industry has given up on the ability to prevent and is focused primarily on detection and response, which means, with a mindset like that, it means you’re always involved in cleaning up aisle nine, as some people like to say.”
As an alternative, companies need to adopt a more forward-thinking approach: an enterprise-wide culture that starts from the top. Firms also need to do more of the basic blocking and tackling in security, starting with thoroughly going through the inventory of digital assets and understanding the potential risks to their business.
But this change cannot be achieved overnight. It takes time, money and effort to grow a culture of offensive security governance across an entire organization. Moreover, by developing an ethos of advanced thinking and offensive-driven security policy, you can forecast noteworthy financial savings and a decline in cyber security breaches. It is also worth mentioning that this offensive cyber security culture must be adopted and implemented from top to bottom, or the reactive and defensive approach may sneak back.