Dark Reading is part of the Informa Tech Division of Informa PLC

10:00 AM
Rick van Galen

Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats

One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.

Breaches are now happening with such frequency that a reactive response is no longer the correct answer. Historically, a breach would happen, a company would respond, and their customers would update passwords and move on.

These breaches and attacks are happening daily, sometimes more. Over the course of 2020, losses from cybercrime rose sixfold. In the United Kingdom alone, nearly half of businesses reported some form of cybersecurity attack, and the average business cost of a data breach is close to $4 million.

These indications could mean a bunch of things. The news may come out more easily, as journalists find it easier to report on breaches. Criminals may become more numerous and better organized. What stands out to me, at least, is that more and more organizations are not ready for the world of security threats relevant in 2021.

As we adjusted to the pandemic, cybersecurity trended — quite unfortunately — in the wrong direction. While our work lives merged with our home lives, many businesses relaxed their security protocols to accommodate this shift. In a recent IDG survey, nearly 80% of IT security leaders felt their organization lacked sufficient protection against cyberattacks. And recent news indicates that many of those are being caught red-handed.

The time for one-time reactive measures is over. It's time to be proactive and pick our swords, not just our shields.

So then, how can an organization even begin to build its defenses against would-be attackers? While the major fixes to outdated software and systems will take time to develop and update, there are steps that can be taken to help in the short term as well as build a foundation for the future.

Build a Culture of Security
Security should be a team effort — with every single employee involved. 

What this means is that security should no longer just be the responsibility of under-resourced security teams, but something everyone thinks about and deals with as part of their day-to-day work. It might start with creating a security handbook, or having a monthly security lunch-and-learn. But ultimately, empowering employees to secure their own work through training, tooling, and ongoing learning will make both your business and your team far more secure.

Of course, all of this begins with leadership that recognizes the security needs of modern companies, puts security first, and is ready to build the aforementioned culture of security within an organization. This can be a challenge at a time when good security experts are in high demand. Every organization is looking to bolster its defenses, so while you work on your culture of security, what else can you do?

Add a Second Factor to Your Logins
Multifactor authentication (MFA) adds a second layer of protection and should be used wherever it is available. It doubles down on identity verification and requires an authentication code after the correct password has been entered. MFA can be managed digitally on your phone or by using hardware-based authentication, which relies on a physical device such as a YubiKey.

If there's ever a case where your password has been compromised, two-step authentication makes it more difficult for hackers to access the account.

Most modern tools now have MFA as an option, and many, such as Google Workspace (formerly G Suite), have the ability to enable MFA for every user in the organization.

If you aren't sure which of your tools has MFA as an option, 2fa.directory, a community-curated directory, lets you search by name, and even shows you how to enable it!

Test, Test, and Test Again!
Thankfully, alongside a world full of bad actors looking to thwart your security and breach your systems for nefarious gains, there is another, equally clever group of people who want to use their security and technical abilities to help you.

White-hat hackers, penetration testers, security researchers, and more are all available (for a fee) to break into your systems at your request and tell you what needs fixing, and how. Running a bug bounty is a great way to encourage this behavior. The researchers get a financial reward for their efforts, and you get consistent, ongoing feedback on the state of your security. 

You might think this is just advice for software vendors or IT data centers, but even if your company just has a website, you need to think about this. Every company, not just technical ones, must incorporate regular testing and auditing of how they and their suppliers process information.

A Life-Long Effort
To wrap up, I have something to say here that you might not like. This is going to take you the rest of your company's life to figure out: Attackers don't sit still, and attacks are getting more complex by the day. It's an ever-evolving picture. It also might cost you some money, but it's probably going to cost a lot less than doing nothing would. This is not a one-time project; a security culture needs to evolve and adapt.

Accepting a new IT world that is built on strong authentication and endpoint security not only makes IT more resilient against modern threats, it also helps companies transition into a remote-first world.

Rick van Galen is a security engineer at 1Password, the leader in providing private, secure and user-friendly password management to businesses and consumers globally. Based in Toronto, he spearheads the company's reputational and industry-leading security protocols. Rick is ...