Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


// // //
10:00 AM
Rick van Galen
Rick van Galen
Connect Directly
E-Mail vvv

Stop Playing Catchup: Move From Reactive to Proactive to Defeat Cyber Threats

One-time reactive measures can't keep up. It's time to be proactive and pick our swords and not just our shields.

Breaches are now happening with such frequency that a reactive response is no longer the correct answer. Historically, a breach would happen, a company would respond, and their customers would update passwords and move on.

Related Content:

Reactive or Proactive? Making the Case for New Kill Chains

Special Report: Building the SOC of the Future

New From The Edge: 7 Powerful Cybersecurity Skills the Energy Sector Needs Most

These breaches and attacks are happening daily, sometimes more. Over the course of 2020, losses from cybercrime rose sixfold. In the United Kingdom alone, nearly half of businesses reported some form of cybersecurity attack, and the average business cost of a data breach is close to $4 million.

These indications could mean a bunch of things. The news may come out easier, as journalists find it easier to report on them. Criminals may become more numerous and better organized. What stands out to me at least, is that more and more organizations are not ready for the world of security threats relevant in 2021.

As we adjusted to the pandemic, cybersecurity trended — quite unfortunately — in the wrong direction. While our work lives merged with our home lives, many businesses relaxed their security protocols to accommodate this shift. In a recent IDG survey, nearly 80% of IT security leaders felt their organization lacked sufficient protection against cyberattacks. And recent news indicates that many of those are being caught red handed.

The time for one-time reactive measures is over. It's time to be proactive and pick our swords, not just our shields.

So then, how can an organization even begin to build their defenses against would-be attackers? While the major fixes to outdated software and systems will take time to develop and update, there are steps that can be taken to help both in the short-term as well as building a foundation for the future.

Build a Culture of Security
Security should be a team effort — with every single employee involved. 

What this means is that security should no longer just be the responsibility of under-resourced security teams, but something everyone thinks about and deals with as part of their day-to-day work. It might start with creating a security handbook, or having a monthly security lunch-and-learn. But ultimately, empowering employees to secure their own work through training, tooling, and ongoing learning will make both your business as well as your team far more secure.

Of course, all of this begins with leadership that recognizes the security needs of modern companies, puts security first, and are ready to build the aforementioned culture of security within an organization. This can be a challenge during a time where good security experts are in high demand. Every organization is looking to bolster their defenses, so while you work on your culture of security, what else can you do?

Add a Second Factor to Your Logins
Multifactor authentication (MFA) adds a second layer of protection and should be used wherever it is available. It doubles down on identity verification and requires an authentication code after the correct password has been entered. MFA can be managed digitally on your phone or by using hardware-based authentication, which relies on a physical device such as a YubiKey.

If there's ever a case where your password has been compromised, two-step authentication makes it more difficult for hackers to access the account.

Most modern tools now have MFA as an option, and many such as Google Workspace (formerly G Suite) have the ability to enable MFA for every user in the organization. 

If you aren't sure which of your tools has MFA as an option, 2fa.directory, a community curated directory, lets you search by name, and even shows you how to enable it!

Test, Test, and Test Again!
Thankfully, as well as a world full of bad actors looking to thwart your security and breach your systems for nefarious gains, there is another, equally clever group of people who want to use their security and technical abilities to help you.

White-hat hackers, penetration testers, security researchers, and more are all available (for a fee) to break into your systems at your request and tell you what needs fixing, and how. Running a bug bounty is a great way to encourage this behavior. The researchers get a financial reward for their efforts, and you get consistent, ongoing feedback on the state of your security. 

You might think this is just advice for software vendors or IT data centers, but even if your company just has a website, you need to think about this. Every company, not just technical ones, must incorporate regular testing and auditing of how they and their suppliers process information.

A Life-Long Effort
To wrap up, I have something to say here that you might not like. This is going to take you the rest of your company's life to figure out: Attackers don't sit still, and attacks are getting more complex by the day. It's an ever-evolving picture. It also might cost you some money, but it's probably going to cost a lot less than doing nothing would. This is not a one-time project; a security culture needs to evolve and adapt.

Accepting a new IT world that is built on strong authentication and endpoint security not only makes IT more resilient against modern threats, it also helps companies transition into a remote-first world.

Rick van Galen is a security engineer at 1Password, the leader in providing private, secure and user-friendly password management to businesses and consumers globally. Based in Toronto, he spearheads the company's reputational and industry-leading security protocols. Rick is ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file