Many organizations invest massive amounts in security technologies but still experience security breaches that result in significant losses. Sophisticated and well-funded attackers constantly challenge current security systems, leaving organizations weaker than the opposition and usually unaware that a threat has materialized until it is too late. This approach to security is reactive and leaves organizations unprepared and exposed.

This is why it is critical to move to a more proactive security approach. An organization’s defence system needs to be as agile and adaptable as the attackers it is up against. This is where implementing defence concepts, rather than traditional security concepts, begins. Defence concepts are less passive and will detect and respond to security breaches in real time.

Proactive security is a more converged approach that incorporates human and physical elements into information security. It also gives way to a more pre-emptive method of defending an organization from malicious attacks: adopting active measures to anticipate current threats, and so pre-empting potential failure by simulating what defence is necessary, how to achieve it, and the circumstances under which it will fail.

Taking a proactive stance towards security will put organizations in the driving seat and ensure they are in a high state of readiness and able to counteract threats to information security.

This topic will discuss a proactive vs. a reactive security approach in combatting cybercrime. It will discuss the ways in which organizations can move to a more converged and dynamic security concept where human and physical elements are also taken into consideration.

Jason Gottschalk
Associate Director at KPMG