In recent years preventing cyber attacks seems to have fallen out of vogue, says Mike Fumai, President and Chief Operating Officer at AppGuard in a recent opinion piece on CSO. At the beginning of the article Fumai contends that it’s become standard practice to buy in to the philosophy that “a pound of detection and reaction is worth more than an ounce of prevention.”
But, as those in the industry and other keen observers have frequently commented the detection and reaction model, often referred to as security whack-a-mole is not only ineffective in terms of protecting information security and network integrity, but also wastes resources for the IT/Sec-Ops teams that could be put to better use in meeting the mission.
Beyond tying up both IT and human capital in an act of identifying that yes, indeed a breach has occurred, Fumai’s point that “…following the theft of your intellectual property or trade secrets, how are your losses lowered by knowing you were breached?”
For federal government, data breaches aren’t just an internal problem. Even the most minor breach involves the violation of HIPPA, FISMA, PCI, or other data protection standards and, in turn, results in serious financial consequences in terms of fines, loss of trust and reputation, intellectual property theft, or the loss of state secrets.
So, to answer Fumai’s question, your losses aren’t lowered by knowing you were breached, they are, in fact, increased manifold. Actual security, as opposed to security theater, means that prevention has to become the number one objective and the primary goal of any Sec-Ops team.
Before arguing that it’s not possible to prevent attacks, especially zero-day attacks, have a look at Fumai’s article in full. It’s a convincing read. You can find it here.