Threat prevention. It sounds like the most sensible approach to protecting against cyber threats, right? Every business owner today has a broad understanding of what firewalls and antivirus software do, and probably even appreciates the importance of training staff to recognise potentially malicious hacking techniques.
We’re certainly not arguing for an end to traditional perimeter and endpoint protection techniques, but focusing relentlessly on threat prevention is a short-sighted and foolhardy strategy. Prevention is actually just one of a key trio of approaches that is essential to keep organisations safe in today’s cyber threat landscape.
Why is prevention inadequate on its own?
Very simply, threat prevention can never be 100% effective. This doesn’t mean that firewalls, antivirus, sandboxing and so on don’t have their place – far from it. They are extremely effective at keeping huge swathes of malicious content out of organisations’ infrastructures. The most sophisticated tools can also proactively recognise brand-new threats or general signs of malicious activity.
However, in a world in which cyber-criminals are continually developing new malware and new attack techniques – and a world in which human error and carelessness can never be entirely mitigated, no matter how well you train your staff – it is far more sensible to assume that one day, somehow, something malicious will slip past those defences. And what then?
A comprehensive cyber defence strategy for today needs to work not on the basis of preventing all cyber-attacks from ever occurring, but on the basis of reducing the impact of those attacks as far as possible.
A second and third line of defence
This is where the other two parts of the trio come in.
First, since we’re working on the basis of ‘not if, but when’ a cyber threat will get inside your infrastructure, you need to think about how to pinpoint that moment of ‘when’ as precisely as possible. In other words, you need to think about threat detection.
Rapid, comprehensive threat detection can make the difference between a cyber-attack that is neutralised before it does any real damage, and a threat that slips in and out, harvesting masses of valuable data, without even being noticed at all. That’s a huge spectrum of potential impact. A huge variety of automated threat detection systems are available; it’s important to look for one that doesn’t just identify when malicious activity is taking place, but also analyses and, where possible, isolates it.
This draws us to the third part of a comprehensive cyber defence strategy: incident response. Again, working on the basis that, sooner or later, a cyber-attack will affect your organisation, you need to be able to deal with it as effectively as possible. And that means understanding it as thoroughly as possible.
All businesses should have a comprehensive incident response plan in place, which covers everything from technical disaster recovery (DR) to both internal and external communications. All employees should understand what the possible impact of an attack is on them and what behaviours they should individually be undertaking; and, if operations are affected or customer data compromised, all external stakeholders should also be informed.
Another key aspect of incident response lies in analysing and understanding the attack in as much detail as possible, and then feeding that intelligence into future threat prevention. Indeed, the entire trio of strategies should work in harmony, informing and enhancing each other.
‘You can never prevent cyber-attacks entirely’ might sound like a defeatist attitude, but in fact it is the key both to understanding the true dynamism of today’s threat landscape and to building a proactive and effective defence. One strategy is inadequate, two is better, but three is best of all.