This is the perspective that everyone probably thinks of when we talk about cybersecurity.
A preventive perspective aims to stop hackers and other malicious actors from being able to get into the system. This is usually done by implementing measures that make a system less exploitable. Examples of this include hardening internal infrastructure, appropriate privilege control and fixing any known critical vulnerabilities. Spending on this approach has been largely successful as industry standards for secure coding have improved overall. In addition, developers are getting more familiar with common exploits, allowing them to be addressed during development.
As a result, most software releases contain very few (if any) critical zero-day vulnerabilities that hackers can exploit. In fact, the percentage of critical zero-day vulnerabilities was deemed to be insignificant and was not reported in Symantec’s Internet Security Threat Report (ISTR), Volume 23 in 2018. As such, hackers are moving towards social engineering techniques in order to gain access to their victims’ systems. In the same report, Symantec reports that spear phishing (a ‘personalised’ phish) is the most popular infection vector, with 71% of organised groups using it.
Given the above, increased spending on development practices can yield diminishing returns, and further spending should be focused on reducing the effectiveness of social engineering techniques. This can be achieved, for example, by educating users through regular information security training or by implementing multi-factor authentication (MFA) as an extra layer of security for your systems.
Although it is essential to consider a preventive perspective in any cybersecurity setup, it struggles to provide any meaningful approach if an attacker manages to get in. On the other hand, a mitigative perspective works on the assumption that an attacker can find a way in and aims to evaluate options from this position.