Security Magazine logo

Being proactive creates a future-proof security strategy

By Sam Crowther

March 23, 2023

As companies’ efforts to increase efficiency and cut costs continue, there is one key area that is all too often overlooked: security. But, how can an IT team react efficiently to the myriad of cyber threats that are increasing in frequency and magnitude? It’s vital for companies to make a shift to a less reactive and more proactive security strategy. By adopting a proactive security model, companies are not only more secure, but also more efficient and able to save money during these tumultuous markets. It’s important to change the mindset and approach security from a more proactive viewpoint.

Reactive vs. proactive

So what is it that distinguishes a proactive strategy from a reactive one? Reactive security is often implemented after a cyber threat is encountered. Proactive security, in contrast, seeks to prevent these threats from occurring in the first place.

By adopting a proactive philosophy, organizations can identify and prevent potential issues before they become problems, helping to protect their systems, networks and data from attack. There are three main aspects of proactive cybersecurity that should be in every organization's playbook: approaching the problem as a red teamer would, leveraging a zero trust philosophy and pitting automation against automation.

Taking a red teamer mindset

The first approach is to attack cybersecurity problems as a red teamer would. A red teamer is a security expert who simulates real-world attacks on an organization's systems and networks in order to identify potential vulnerabilities and weaknesses. Looking at threats as a red teamer would shows how an organization could be attacked, which provides a better understanding of what steps to take to prevent these types of attacks.

A common example of what a red team might do within an organization is to simulate a phishing attack on employees in order to identify which employees are most likely to fall for the scam. The red team can then provide training and education to those employees, helping to prevent the attack from being successful in the future.

Red teams today need to address more than a simple phishing attack, however. Cyberattacks driven by malicious automation, or bots, are constantly looking to gain access to businesses. Bots are used to scrape information, conduct credential stuffing or account takeover attacks, or worse. In order to understand whether the correct defenses are in place, red teams can simulate bot attacks, looking for weak spots in their defenses. If bots cannot be identified and stopped before they’re able to enter a site, it’s a good indication that an organization’s defenses need an upgrade.

Adopting a zero trust philosophy

The second approach is to leverage a zero trust philosophy. A zero trust philosophy is based on the idea that no person or system can be trusted by default and that all access to an organization's systems and data must be verified and authenticated before it is granted. By adopting a zero trust philosophy, organizations can ensure that only authorized users are able to access their systems and data, helping to prevent unauthorized access and potential attacks.

A zero trust approach, however, only works if it is comprehensive and covers all aspects of cybersecurity defenses. With hundreds of bots attempting to gain access to businesses each and every day, it is critical to take that same zero trust philosophy and apply it to bot defenses. Many organizations operate under the premise that it is acceptable to allow bots to gain access to a site first, so that their behavior can be monitored, before they are stopped. The line of thinking is that defenses need to encounter the attack so that they know what they’re dealing with and can counter it effectively. However, by definition, that’s no longer a true zero trust approach.

To implement zero trust, cybersecurity solutions need to prevent attackers from gaining access in the first place. In the bot world, that means recognizing when there is automation and stopping it before entry is successful.

Matching automation with automation

The third approach is to pit automation against automation. This involves using automation to identify and prevent potential attacks on an organization's systems.

In many organizations, however, there is still the underlying belief that only the most mundane and low-risk tasks and defenses can be automated. They feel that anything that’s a bigger, more aggressive or larger-risk attack needs the insight and intervention of a security team member. With the advances in automation technology that have been made over the past few years, this couldn’t be further from the truth.

Attackers improve their attacks and the tools they use each and every day. Attackers learn from what works and what doesn’t, and continually tweak approaches and tools to maximize success and profitability. It is this need to stay ahead of all cybersecurity defenses that drives them and their automated attacks.

Fraudsters and cybercriminals use bots for a variety of purposes — to crack accounts, to secure in-demand goods, to scrape data, to test zero day vulnerabilities, etc. If there’s a possibility to profit from an attack, it’s a guarantee that malicious automation will be employed to accomplish it as quickly as possible, and at as large a scale as possible.

This is why organizations need to employ — and trust — automation to defeat automated attacks. No matter how well-educated a security analyst and their team is, the attackers will always be constantly evolving their attacks, optimizing them for speed and efficiency. There is no way that security teams can compete with that. Teams might feel that they need to retain involvement and control of settings and responses to automated attacks, but it would be a full-time job just to maintain the status quo. Attackers have the time, motivation and resources on their side.

In addition, security team members will always have other responsibilities chipping away at the time they can spend updating their organization’s defenses. Add to this the third variable, labor issues, and it’s a recipe for disaster. Just this year, the combination of a skilled labor shortage and hiring freezes has resulted in unfilled positions that won’t be filled in the short term or understaffed teams that are stretched too thin.

The need to invest in quality automated tools that can fight against the sophisticated automation that cybercriminals are using has never been more evident.

The pros of being proactive

Proactive cybersecurity is essential for protecting any organization from potential threats. By adopting a red team approach, leveraging a zero trust philosophy and pitting automation against automation, organizations can identify and prevent potential issues before they become problems, helping to protect systems, networks and data from attack.

A proactive cybersecurity strategy brings several benefits: passing compliance checks is much easier with a constantly up-to-date model; customers are more likely to invest their trust in a company that prevents breaches before they can happen; a company can stay up to date with the latest in hacking strategies; costly reactive security measures can be scaled back and simplified; and manpower can be focused on enduring recession conditions and protecting the interests of the company.

Ultimately, by choosing to be proactive, a company is offering a brand that is trustworthy, maintainable and well adapted for the future; something that’s sure to be a recipe for success now and beyond.

KEYWORDS: automation and security bots proactive security red team testing zero trust


Sam Crowther is CEO and founder of Kasada, an innovative web traffic integrity company that accurately detects and defends against bot attacks across web, mobile and API channels. He is passionate about creating simple technical solutions to complex problems and is motivated by challenging preconceived ideas and beliefs in order to have a positive impact on the world. 

Copyright ©2025. All Rights Reserved BNP Media.
