In 2024, according to the Identity Theft Resource Center, the number of U.S. data breach victims increased by more than 1,000% over the previous year. With sobering statistics like this, it’s no surprise that companies are investing more in proactive security measures.
Recent research backs this up. Emerging Best Practice in the Use of Proactive Security Solutions indicates that more than 70% of businesses have upped their spending on proactive security measures, surpassing investments in both preventative and reactive strategies. This shift underscores how businesses across the globe are making a significant move towards proactive security.
Why? It’s simple. These measures are seen as essential for reducing the opportunity for threats, shortening the mean time to remediate known vulnerabilities, and minimizing the attack surface. The research findings suggest that proactive security solutions are becoming integral to building a comprehensive understanding of the threat landscape and attack surface, helping organizations improve both operational resilience and readiness.
A substantial portion of organizations, particularly those with mature security operations, are strategically deploying proactive solutions. This trend is especially noticeable among larger organizations and is more pronounced in the EMEA region, where 74% of companies increased their budgets compared to 67% in North America. Financial services (54%) and critical infrastructure organizations (53%), including energy and utilities companies, are leading the charge.
The latter isn’t surprising, considering cyber attacks are most likely to target these critical industries, because attacks there cause more disruption. Couple the growth of ransomware with these high stakes, and ransom demands start topping the millions. As a result, these organizations need to adjust to protect themselves.
Drivers for Adoption
While preventing attacks has always been at the core of security decision-making, one of the primary drivers for the adoption of proactive security solutions is a need to get ahead of threats by focusing on hardening networks where they are most vulnerable to real-world attacks. The broader integration of these tools is expected to significantly improve attack surface management and security control optimization. This is particularly important as the study reveals that many organizations still have limited visibility into the security posture of their network assets, such as firewalls, switches, and routers.
The Importance of Network Device Configurations
Given that firewalls, switches, and routers, when correctly configured, serve as the foundational elements of a segmented network, they are critical for reducing the attack surface and ensuring the network's operational resilience. Yet organizations reported that they perform assessments on their firewalls, switches, and routers, at best, infrequently (often only monthly). They are also more likely to monitor only the devices in critical segments, or a sample of devices, rather than every device on their networks.
For example, only 6% of financial services organizations proactively assess their firewalls after configuration changes, and even fewer assess their switches or routers.
Despite these inadequate practices, the proactive security survey revealed that most organizations express high confidence in the security capabilities of their network security devices. This paradox indicates that most organizations are choosing to “trust” that their routers, switches, and firewalls are robust and secure between audits, and therefore, that their networks remain adequately segmented.
Interestingly, critical infrastructure organizations reported much lower confidence than their counterparts in other sectors in their ability to maintain adequate network segmentation and prevent unauthorized access. The majority also reported that they are making the shift to proactive security solutions to address the limited visibility and critical security gaps that are prevalent in their current practices.
Anticipating Disruption and Transformative Impact
Nearly half (48%) of all respondents anticipate significant organizational disruption due to the broader adoption of proactive security solutions. This highlights the transformative impact these measures are expected to have on cybersecurity practices. Proactive security solutions are not merely an additional layer of protection; they offer real-time visibility into the security posture and enable continuous minimization of exposure.
The survey identified critical proactive security capabilities, including the ability to view risks through different attack frameworks (61%), full asset context (60%), and integration with existing security fabric to implement temporary mitigations (57%). These capabilities are crucial for organizations to stay ahead of known threats and continuously improve their security posture.
Moving Toward Best Practices
What are the pain points? For most companies surveyed, the top cybersecurity goals over the next 12-24 months include reducing the opportunity for threats (47%), reducing the mean time to remediate known vulnerabilities (41%), and minimizing the attack surface with proactive configuration drift monitoring (39%).
Despite the limited industry guidance on building a proactive security strategy, there are emerging frameworks and best practices. For example, the US Defense Department's Cyber Operational Readiness Assessment (CORA) program emphasizes proactive defenses, securing the boundary between public and private networks, and continuous monitoring and assessment of network perimeter devices. This program supports risk-based metrics and key indicators of risk that dynamically analyze MITRE ATT&CK tactics, techniques, and procedures (TTPs) to keep pace with evolving threats.
Automation also plays a crucial role in the effective implementation of proactive security strategies. The research indicates that the most security-mature organizations are much more likely to automatically overlay current and historical misconfiguration data onto attack frameworks, such as MITRE ATT&CK. This automated approach allows for more comprehensive risk discovery, prioritization, and remediation.
Organizations with higher levels of security maturity are more likely to have deployed security automation solutions to help prevent unauthorized access and breaches, automate regular assessments and updates, ensure adherence to compliance and regulatory requirements, and build trust and reputation.
Appeal for Action
Given the rapidly evolving threat landscape, it is imperative that organizations take a proactive approach to security, investing not only in advanced technologies but also in robust processes and training. Companies must prioritize the implementation of comprehensive proactive security measures that provide real-time visibility and continuous assessment of their network devices and configurations.
Integrating proactive security tools that map attack paths and assess risks through various frameworks, such as MITRE ATT&CK, will also help take remediation workflows to the next level to demonstrably improve security posture. This holistic approach will enable organizations to preemptively address their most exploitable vulnerabilities to reduce their attack surface.
Moreover, businesses need to foster a culture of security awareness and readiness, ensuring that all employees understand the importance of proactive measures and are equipped to preempt and mitigate potential threats. By doing so, companies will not only enhance their security posture but also build resilience against future cyber threats, safeguarding their operations and reputations. The shift to proactive security is not just a technological upgrade; it requires a strategic overhaul and a commitment to continuous improvement and vigilance.
Futureproofing Your Organization
The shift towards proactive security solutions marks a significant evolution in cybersecurity practices. By investing in proactive measures, organizations are making significant strides to improve cyber hygiene and operational resilience. But the job is far from done.
As the research underscores, continuous visibility, regular assessments, and the integration of automated solutions to prioritize, manage, and mitigate risks effectively are crucial steps. As proactive security solutions continue to mature, they will play an increasingly vital role in safeguarding networks and ensuring secure operations in an ever-evolving threat landscape. The future of cybersecurity is not just about reacting to threats but staying several steps ahead.