Jonathan Tock | February 18th, 2022

Winston Churchill, Prime Minister of the United Kingdom during World War II, once advised, “Let our advance worrying become advance thinking and planning.” While Churchill’s words were heard in the context of a global war, they ring true today as companies battle the growing threats of cyber-warfare and ransomware. The heart of Churchill’s wisdom is that worrying about a likely or inevitable event must be channeled into productive action in preparation for its occurrence, whether it be an army’s territorial invasion or a threat actor’s network intrusion. To counter any adversary and protect against malicious threats, an action plan must be developed and then effectively implemented.

Churchill’s words are especially resonant today as businesses face an onslaught by threat actors actively seeking to encrypt, exfiltrate, and even destroy critical data. Many unfortunate victims of cyberattacks employed the strategies of worrying and hoping to be overlooked instead of thinking clearly, planning effectively, and retooling proactively. A proactive approach to cybersecurity focuses on eliminating threats before they have a chance to gain an environmental foothold, whereas a reactive approach responds to events once they’ve commenced.

The proper reactive step a business can take immediately, given the malicious nature of threat operators and the evolving threat landscape, is to fortify its proactive security posture. It is necessary to protect the business-critical information—intellectual property, personally identifiable information, financial records—coveted by ransomware operators for maximum leverage.

Ultimately, the options for businesses in the face of constant cyberthreats are limited: mitigate the impact of a breach or actively prevent a breach. The gravest problem with the former approach is that an active breach indicates a weakness in overall security and operational maturity, which places the adversary steps ahead of the responding team. When trailing a cybercriminal, the incident response (IR) team is likely climbing over stacks of stolen, sensitive data.

The second and better option is to actively prevent the breach with a proactive approach, which does not mean eliminating reactive measures; both are needed. Proactive procedures strengthen the perimeter around business-critical data and give IR teams advance notice of threats, so when an attack is attempted, reactive measures—such as isolating affected networks—engage to prevent the actors from gaining a foothold and accessing sensitive information.

The prescription for a viable, efficient, long-term, and proactive solution that lets you control the situation is a comprehensive strategy that increases cyber maturity. Most organizations that experience a cyber breach are passing all compliance audits at the time. SpearTip’s pre-breach assessments—thorough and meaningful proactive engagements—examine your entire security posture from the top down. Our assessments extend beyond simple audit checks, focus on real-world events, and protect partner organizations from data loss, identity theft, fraud, financial loss, and reputation damage.

A truly mature security posture requires a thorough security architecture review and gap analysis of an organization’s people, processes, and technology. Threat actors have the uncanny ability to find the chain’s weakest link, whether through a spear-phishing attack against undertrained employees, outdated or unpatched software, or failure of management to require multi-factor authentication (MFA) or password best practices. The only way to safely remediate a weakness is to closely examine the day-to-day functions of an organization and expose the weakness prior to a malicious attack.

Proactively securing your network must also include continuous cyber threat hunting to expose dormant and active malware within the environment and thorough penetration testing of both internal and external networks. These processes are designed to mimic the tactics, techniques, and procedures (TTPs) of threat actors and, if conducted by seasoned threat hunters, allow your organization to strengthen security controls and mitigate potential damage resulting from a compromise. SpearTip’s ShadowSpear threat hunting continuously assesses an organization’s networks for potentially malicious threats, including unknown threats, zero-day vulnerabilities, ransomware, and advanced persistent threats. Ultimately, these assessments enable your business to harden its overall security posture, better positioning it against external adversaries.

While all security architecture, systems, configurations, and policies are reviewed and tested, organizational leadership should also make proactive improvements. Most businesses that suffer a network breach are caught off-guard, which leads to decision-making under duress. Reactive decisions are often ‘too little too late’. Tabletop exercises are tremendous opportunities for team leaders and incident responders to build cyber reflexes and strengthen collaboration in a simulated breach. These exercises also expose limitations in the current IR plan and related systems so they can be strengthened, and all team members can act confidently when confronted with an actual breach.

Proactive assessments of security, procedures, policies, and decision-making processes are essential aspects of a mature cyber posture and—just like network monitoring of our partners from our Security Operations Centers—should be practiced continuously.

Our mission at SpearTip is to protect our partner businesses and allow them to focus on what they do best: running their operations and maintaining customer relationships. Allowing SpearTip to defend you via our proactive engagements and active monitoring will allow you to rest easy and grow your business.