Preventive Security – Alive or Dead

September 20, 2017 | Views: 2938

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here
Preventive Security – Alive or Dead
There are some new buzz words in the cyber security industry today. Terms such as “data-driven security” and “security analytics” seem to be in the forefront and what all of the “cool” kids are talking about while the “old-timers” dig in and continue to believe that all security problems can be easily solved using customary prevention and detection methods. So who’s right? The answer is, at least to me, they both are. Both schools of thought are correct because implementing a data-driven defense strategy does not replace your existing preventive strategy. A Data-driven cyber security framework will only enhance and amplify an organization’s already existing cyber security strategy.
The 2016 Verizon Data Breach Investigations Report (VDBIR), which should be mandatory reading for all security professionals, uses a finalized data set that is made up of 64,199 (adjusted from over 100,000) security incidents of which approximately 2600 (adjusted from 3,100) were confirmed data breaches. These numbers may seem staggering at first and one could hardly blame another for concluding that preventive security measures are failing us but as we dive further into the VDBIR and other industry reports the real picture begins to become clear. It is not that preventive measures are failing organizations. The problem is usually that organizations, for whatever reason (budget, skill-set shortfall, etc.) seem to be the ones that are dropping the ball when it comes to security prevention safeguards.
Active Data Breach Landscape
Let’s take a look at the data breach landscape over the last couple of years. In 2014-2015 we observe through reporting that organizations were often extremely negligent when it came to implementing even the simplest of mandatory security prevention techniques. Let’s take the US Office of Personnel Management (OPM) data breach for example. This breach resulted in a loss of over 21 million records of individuals and their Personally Identifiable Information (PII). The report filed by the Office of the Inspector General concluded that “OPM did not maintain a comprehensive inventory of servers, databases and network devices”. In reality, the auditors were unable to tell if OPM even had a simple vulnerability scanning program in place. So, as we see here with OPM, it is not that preventive security measures failed us. It was the improper (or in OPM’s case lack of) implementation of preventive security measures that failed us which unfortunately seems to be more the “norm” rather than the exception these days.
With the assistance of data analytics, we can clearly see that cyber security prevention is certainly not dead. What the data is telling us though is that across the industry we need to be more competent and proficient in implementing both our preventive and detective security solutions and defenses. Only after this is accomplished successfully will organizations then be poised to begin overlaying a data-driven cyber security framework and reaping the rewards of becoming more laser focused on the most critical threats that may harm their organization.
Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
1 Comment
  1. Thanks for the write-up. A security professional is a “risk advisor” and if proper governance is not in place, he can “recommend” that the OS be patched by – let’s say Tuesday 5PM – what happens if the servers are not patched?

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?