Cybersecurity often feels like taking one step forward and two steps back. An attack will appear, the security community will respond, and eventually the threat will be eradicated. Then, a few months down the road, the threat reappears in a newer and stronger form. Most commonly, it’s evolved to specifically bypass the defenses created to combat it.
This has always been true of cyberattacks. The earliest hackers searched for ways to tweak or re-purpose code after encountering a new defense. Or, rather than search for new vulnerabilities, they found new ways to exploit old ones. It has led to a vicious cycle where threats reappear regularly and do more damage each time.
It also puts cybersecurity professionals into a perpetual game of catch-up. Every new defense quickly loses its effectiveness. And when new forms of old threats arrive, they often require entirely original defense strategies. It’s the relentless nature of these attacks that makes cybersecurity such a problem. Current estimates suggest that cybercrime will cost $6 trillion annually by just 2021.
Searching for an Edge Over Hackers
The evolving nature of cyber threats means it’s unlikely any defense will be 100 percent effective. However, that does not mean cybersecurity is hopeless. It just means the focus needs to expand beyond prevention and include minimization and mitigation.
Companies already accept that there are some risks they can’t control. For instance, fires and severe weather events are threats that are impossible to predict and impossible to avoid. In response, companies take steps to lower the likelihood of an incident. Then they take additional steps to limit the damage if and when an incident is unavoidable.
It’s time to adopt the same approach to cybersecurity. There is much that companies can do to deflect attacks. But with the frequency and variety of attacks on the rise, it’s almost inevitable that one will be successful. Getting an edge over hackers isn’t about stopping their attacks. It’s about ensuring that attacks don’t leave a company in a weaker position.
Putting a Priority on Planning
It’s still important to invest in cyber defenses. But more resources must be dedicated to the planning and response effort. When companies are able to act quickly and confidently after an attack, the total losses are much lower. And while the incident might be distracting and disruptive, it’s not destructive.
That begins by drafting a comprehensive response plan. It should detail exactly who is responsible, what to do, and when to act. That way, removing the threat and repairing the damage happens quickly and in an orderly way.
The other layer of protection is cyber insurance. This is becoming a common form of business liability coverage specifically because cyber defense is so inconsistent. Policies activate when companies need legal, technical, or financial assistance to recover from an attack. Like any other kind of insurance, it insulates companies from a common risk.
Future forecasts of cybercrime range from turbulent to apocalyptic. This is a threat that will continue to evolve, and by all indications it will continue to accelerate. The only way for companies to feel secure is to adopt a new notion of defense. One that embraces comprehensive protections instead of focusing all the forces on the front lines.