Proactive vs. reactive cybersecurity – a comparative cost analysis

Nica San Juan
Nica San Juan | Staff writer
Last updated: January 5, 2021

Disclaimer: Affiliate links help us produce good content. Learn more.

Every organization is constantly on the lookout for ways to stand up better to cyber breaches. What is your posture and how well does it serve you in detecting, avoiding and repelling threats?

Given the present-day prevalence and cost of cyber-attacks, it is imperative that every business operator undertakes an extensive review of their security posture. Understanding the various strategies is the first step to adopting an effective one.

Key strategies for fighting cybercrime

There are at least two strategies for combatting cybersecurity threats. These are:

  • Reactive – after a breach takes place if it takes place
  • Proactive – before a breach takes place

Which is the best strategy?

One of the worst effects of cyber breaches has to do with the various costs associated with the attack. A security breach will often lead to massive financial loss. But not to be ignored are other costs such as loss of consumer trust, damage to a brand’s market value and a toll on market profile.

Let us look at real-life situations that highlight the costs and benefits of the different approaches:

Reactive approach

There have been a number of high-profile attacks in recent years, including two attacks on Yahoo and one each on Equifax and Target. In the Target breach, attackers gained access to credit card details from point of sale systems. The breach affected about 2,000 stores and according to estimates, cost approximately $300 million.

At the time of the incident, Target initially announced that the data breach had affected about 40 million customers. Several weeks after the announcement, the retail giant said that about 70 million more customers had been affected as well.

According to reports from an internal interview, the CEO admitted that the company had missed the signs of the breach. Such a traditional security approach centers on detection and reaction to vulnerabilities that penetrate a network or a system.

The action begins when an incident takes place. It might not necessarily be a breach, but something threatening, suspicious or unusual has to set off the alarm system.

In most cases, the focus of the model is on establishing a strong defense wall to prevent unauthorized entry. The information security system operates in isolation independent of the business and is also specific to the organization. That means it disregards issues that may arise from connected companies.

It always keeps the lights on so to speak by consistently upgrading to the latest security software. However, it has a major downside in the sense that its view of the threat landscape is limited. Some of the major benefits of the system include:

  • It is simple and thus cost-effective.
  • There are lots of security software options to choose from.
  • It has been around the longest and has proven viability.

In spite of the above advantages, the system is not ideal for businesses that store sensitive data. The defenses are often inadequate at keeping up with the development of cyber threats.

Proactive approach

A proactive defense strategy has intelligence at its core and its fundamental building blocks include comprehensive assessments. The idea, in this case, is to use cyber intelligence data and real-time monitoring to create a picture of the security landscape.

With this approach, it is possible to get an idea of how a threat can manifest and how systems can get exploited. It thus creates an opportunity to reinforce or eliminate weak points before an exploit takes place.

It also helps in identifying areas that need further investment so as to improve overall security. Therefore, it allows the subject to implement active data protection, intrusion prevention, and dynamic distribution tech to protect data in motion and in use.

The basis of the model draws from the strategic military principle where you take the battle to the enemy. It could entail setting up traps and honeypots to attract the enemy and slow them down. It might even misdirect them to an undefended but useless part of a network.

As a result, it becomes easier to identify attack vectors and prepare better for D-Day. With this approach, you can also increase your system’s resilience against Advanced Persistent Threats (APTs) keeping the attack surface as small as possible.

In essence, the approach keeps you a step or two ahead of the attacker at all times instead of being in hot pursuit as is traditionally the case. However, to optimize its efficiency, it does not render the reactive approach redundant.

Rather, the two work best together, covering all bases to predict incidences, take defense measures and fight if necessary. In the case of the Target data breach, constant monitoring would have identified the unusual activity as soon as a handful of point of sale machines got infected.

In turn, it would have been possible to isolate them long before the infection turned into a pandemic, affecting 2,000 machines. Having honeypots and traps in place would have slowed down the attack and diverted the crooks away from customer data.

The few machines that got infected first could have served a useful purpose in tracking down the attackers.

Weighing the costs

Though every business is aware of the importance of implementing an effective cybersecurity strategy, many have doubts with regard to costs. For smaller businesses, costs could go as high as 4% of operational costs while for larger enterprises, it’s about 1-2% according to Infosecurity Magazine.

In a bid to save costs, smaller businesses at times choose to pretend that attacks solely target larger businesses. But reality paints a totally different picture. Worse still, remediation costs often exceed the cost of prevention.

In addition to remediation costs, businesses may also have to contend with lawsuits from business partners and customers, fines, client refunds and high insurance premiums among other costs.

The lesson? An ounce of prevention will always beat the many ounces of cure you have to deal with following a breach.

From hypothetical to realistic

Our could-have, should-have Target scenario remains in the realms of hypothesis. But it holds genuine merit showing just how much of a difference the use a proactive approach could make. Any hope of turning that into reality calls for a massive shift from a reactive approach to a fully proactive approach. Such an approach would be dynamic and would incorporate the necessary elements of the traditional system.

There are no comments yet No comments
Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents:
Thanks for your opinion!
Your comment will be checked for spam and approved as soon as possible.