09:00 AM
Jason Sachowski

Be Prepared: How Proactivity Improves Cybersecurity Defense

These five strategies will help you achieve a state of readiness in a landscape of unpredictable risk.

When responding to an incident, there is always extreme pressure to gather and process digital evidence before it is modified or no longer available. As illustrated in the KPMG 2015 Global CEO Outlook report, half of chief executive officers polled said their organizations are either not prepared or only partially prepared to deal with a major cyber-attack. One reason these executives gave for this lack of preparedness was that too much attention is being spent on preventing attacks, and not enough on protection and response actions.

Here are five examples of how to shift from a reactive to proactive cyber preparedness model through the process of Digital Forensic Readiness.

Maintain a business-centric focus

One of the most significant barriers to cyber preparedness success is a lack of communication. It’s important that all key stakeholders understand the business risks they are trying to manage from both business and technical perspectives. This includes the “value-add” of cyber preparedness as well as the ecosystem of complementary people, processes, and technology controls required to become proactive.

Don’t reinvent the wheel

Cyber preparedness does not need to be completely built from the ground up.  Methodologies such as Digital Forensic Readiness follow a systematic approach that supports proactive capabilities by leveraging industry best practices, references, methodologies, and techniques from credible and reliable sources (e.g. National Institute of Standards and Technology).  The investment in time, effort, and resources to achieve cyber preparedness should focus on what is required for a successful implementation and not on re-creating materials that are readily available for use.

Security intelligence goes beyond threats

The concept of security intelligence in this model will expand beyond traditional threat information collection.  It encompasses data generated by users, applications and infrastructure so that relevant business impacts can be assessed.  The most effective security intelligence programs take longer-term trends, risks, and business into account.

Keep tabs on external relationships

Where a decision is made to outsource a portion of business operations, organizations must always retain accountability.  With a risk-based methodology, ongoing management and monitoring of the third-party relationships should proactively identify risks and validate compliance with contractual agreements.

Understand costs and benefits

Decisions to skip, substitute, or not invest the amount of time, effort, and resources required for a successful implementation will most certainly result in a failed, incomplete, or misaligned implementation. It is extremely important that organizations fully understand not only the impact a cyber preparedness program will have on budgets but also the benefit that will be realized from:

  • Demonstrating incident management maturity
  • Improving the identification and mitigation of a wider range of threats
  • Increasing opportunities to detect and prevent attacks
  • Encouraging good working relationships with law enforcement and regulators
  • Reducing the need for discovering digital evidence
  • Strengthening information management strategies to produce digital evidence when or if needed.

This article was sourced in part from the book by Jason Sachowski, titled “Implementing Digital Forensic Readiness: From Reactive To Proactive Process,” available now at the Elsevier Store and other international retailers.


Jason is an Information Security professional with over 10 years of experience. He is currently the Director of Security Forensics & Civil Investigations within the Scotiabank group. Throughout his career at Scotiabank, he has been responsible for digital investigations, ...

User Rank: Ninja
4/25/2016 | 12:39:12 PM
Maintain a business centric focus
This is an aspect that is sometimes lost amongst security professionals. The idea isn't security vs functionality when making a decision rather security to complement functionality. You don't want to put up a million dollar fence to guard a $10 asset. Cost evaluations are pivotal in the security realm.
User Rank: Apprentice
4/23/2016 | 8:45:19 PM
Optimistic point of view
An optimistic point of view, I'm more pessimistic on this issue, interesting article anyway, thx.