Active defense strategies to identify and address cyberattacks frequently deliver proven results, yet few organizations use these plans to minimize risk, according to a survey of 2,366 security leaders conducted by nonprofit information security organization ISACA.
Key findings from the ISACA "State of Cybersecurity 2018" survey included:
- 80 percent of survey respondents said their organization is likely or very likely to suffer a cyberattack this year.
- 50 percent have seen an increase in cyberattack volume relative to last year.
- 45 percent have responded to a ransomware attack in the past year.
- 39 percent are not familiar or only slightly familiar with active defense strategies like honeypots and sinkholes.
Today's organizations face an increasing risk of cyberattacks, along with rapidly evolving cyber threats, ISACA indicated. However, new cybersecurity technologies and strategies empower companies to understand and resolve cyberattacks faster than ever before.
How to Prepare for Cyberattacks
ISACA offered the following tips to help organizations prepare for cyberattacks:
- Invest in Talent: Find, retain and train skilled cybersecurity professionals.
- Use Automation: Leverage automation-driven strategies and tools to speed up threat detection, response and recovery.
- Develop Security Controls: Implement security controls to address common cyberattack vectors, including those associated with phishing, malware and social engineering attacks.
Active defense strategies also tend to be successful, ISACA pointed out. As such, security teams should learn about active defense strategies, how they operate and where they can best be deployed in their organizations.
What Is an Active Defense Strategy?
An active defense strategy involves the use of defensive techniques to prevent hackers from accessing critical data or resources, according to ISACA.
Eighty-seven percent of active defense strategies are effective, ISACA found in its survey. However, there are several barriers that often prevent organizations from deploying active defense strategies, and these barriers include:
- Skill and/or resource limitations.
- Budget.
- Legal implications.
A combination of cybersecurity preparation, skills development and budget is required to develop a successful active defense strategy, ISACA noted. Fortunately, MSSPs provide support in each of the aforementioned areas.
MSSPs can educate organizations about cybersecurity and help them develop active defense strategies. By doing so, MSSPs can safeguard organizations – regardless of size or industry – against a wide range of cyberattacks.
