Cyber defense: From reactive to proactive
Cyber defense: From reactive to proactive
https://www.csoonline.com/article/4134813/cyber-defense-from-reactive-to-proactive.html
Publish Date: 2026-02-24 14:10:00
Source Domain: www.csoonline.com
When systems are attacked, we should respond. But how much better would it be if we could anticipate attacks before they strike and stop them with a proactive defense?
Faced with today’s cybersecurity challenges, that is no simple task.
“It’s a cat-and-mouse situation. AI is changing the speed and sophistication of attacks, and AI is making phishing and social engineering attacks, thanks to deep fakes, harder to detect,” said Kevin McCall, director, cybersecurity, risk, and regulatory at PwC US, speaking during a webcast titled, “From Risk to Resilience: Building a Smarter Cloud Security Strategy.”
McCall also warns of a “supply chain” of cybercrime consisting of ransomware-as-a-service, as well as threats embedded in developers’ toolsets.
“Once an attack has occurred, the average time to reduce exposure is 58 days,” noted fellow webinar panelist Nidhu Nalin, principal, cybersecurity, risk, and regulatory at PwC US. A lot of bad things can happen during the nearly two months when malware is on the loose and cyber thieves have access to corporate systems. That’s why being proactive — detecting and preventing threats, rather than reacting to them — is so important.
“Being proactive requires efficient automation. It also requires an integrated platform providing a single pane-of-glass view of the environment, with well-designed, tested, and optimized mechanisms to respond and recover,” said Nalin.
Automation is also important to help overcome the chronic cybersecurity talent gap. “As AI fuels faster and more sophisticated attacks, relying on staff alone can prolong the detection and prevention of threats,” said Nalin.
Being proactive sounds great, but it doesn’t happen overnight. Multiple disciplines are required, and they should work together. Littus Dsouza, senior product manager at Microsoft, said cybersecurity leaders should focus on these priorities:
- Defense in depth with layered…
