Reactive Cybersecurity Means a Dangerous Game of Chase

Publish Date

Oct 15, 2016

Written by

Ernesto DiGiambattista

What’s on the minds of cybersecurity leaders? I had the opportunity to participate in a recent event where leading companies and cybersecurity practitioners gathered to discuss the latest—M&A activity in the security landscape, collaboration, security hygiene and the like. But there was one topic in particular that resonated with me: the strengthening of cyber threats and how continuous, proactive security is needed to thwart them.

From “Simple” Access to Dangerous Games
In the 90s, IT departments were focused on preventing malware, viruses and trojan horses from getting into the company and wreaking havoc. Every desktop had the latest antivirus software, which hopefully, but amazingly not always, was set to update automatically. In the 2000s, cyber criminals were focused on crime, on stealing whatever information they could access. During this decade we saw the first significant breach of customer data, where the thieves wanted credit card information to make purchases against the victims’ accounts. It also happens to be the same decade where we saw the rise of the CISO, in function if not necessarily in title. During both periods, the endgame for the criminals was always to get in and get out.

But in the 2010s the bad guys are getting exponentially smarter, and organizations have to play a dangerous game of chase. As one barrier is implemented in answer to a breach or vulnerability, the attackers have already moved on with a different approach. This decade is, once again, about advanced persistent threats (APT). This type of threat was identified toward the end of the 2000s. But then “APT” became a very buzzy concept and was overused to describe a broader array of threats. At their core, however, advanced persistent threats are still ominous and insidious. APT attackers don’t want to get in and get out, content with stealing thousands of credit card numbers. They want to get in, stay there for a while and steal high-value data and targets.

Think military, financial services, healthcare.

And this is usually done with customized tools that continue to morph and adapt as they sense impending detection. Yet many organizations are still taking a reactionary, defensive stance, often scanning just twice a year as required by multiple industry regulators (e.g. OCC, SEC & HIPAA). If cyber criminals are as smart as we know they are, they likely know when those scheduled scans are, infiltrate right after and lie low until the next scan.

Proactive, Continuous Monitoring and Remediation
Forward-looking companies should adopt a continuous cybersecurity stance, employing proactive remediation and incident response. This two-pronged approach can be successful in preventing a breach before it takes place, and a commitment to incident response remediates the situation when cyber attackers pry their way in. When these two prevention measures are both given adequate resources to perform at their highest levels, cyberattacks are less likely to occur and, when they do, they will do far less damage.
