First of all, Merry Christmas and a Happy New Year!! I hope you find this read to be insightful and revealing.
I began studies in cybersecurity in January 2017. If I were asked to illustrate the work of a cybersecurity professional, it would be the picture of a security analyst sitting at his workstation performing defensive tasks such as patching, monitoring firewall activity, access control, etc. I thought cybersecurity, in its essence, was defend and maintain.
Cybersecurity: What It Was
The first widely recognized cyber attack was the Morris worm in 1988. Robert Morris, a Cornell graduate student at the time, set out to measure how large the internet was as part of a research project, but the worm crashed computer systems due to a programming error. Naturally, the follow-up action was to disinfect the computers.
In the 1990s, the Melissa and ILOVEYOU viruses propagated, affected tens of millions of computer systems, and caused email platforms to fail¹. Both attacks led to the development of antivirus technology.
Since then, attacks have been on the rise, but the point is that cybersecurity has followed a recurring pattern: the attack occurs first, then the response follows. So far, cybersecurity has been on the defensive.
Cybersecurity: What It Should Be
When attackers constantly play offense, trying to break into the end zone of enterprise proprietary information, companies become weary. A mental shift begins to take place, and new plays are designed for a much-needed interception – this is the current state of cybersecurity.
As the years go by, cyber attacks become increasingly sophisticated. Companies are now starting to understand that the best defense strategy requires playing offense: seeking out threats before they materialize, once conventional security measures are in place. This is the new cybersecurity.
Cybersecurity: The Mentality To Have
The mentality to have for effective cybersecurity is no longer defense alone; it is defense and offense. Playing offense is called threat hunting. As mentioned earlier, the main benefit of threat hunting is being able to uncover vulnerabilities and malicious tactics that could be used against your own company before an incident actually happens.
This strategic shift becomes very effective when it is implemented at each security level from the bottom up (from the analyst to the CISO). Each company may experience its own difficulties in performing threat hunting (such as lack of time, insufficient security resources, etc.), but those limitations should not prevent it from practicing threat hunting in some way.