Cybersecurity Prevention Or Recovery Technology: What's More Important?

Yuen Pin Yeap is CEO at NeuShield. Yuen Pin is an experienced leader with a long track record of creating innovative security solutions.

Cybersecurity prevention or recovery technology? It's not an either/or proposition. The answer is you need both.

To protect digital business assets, organizations need cybersecurity protection to block attacks and instant recovery solutions to get data and systems up and running in minutes, not hours or days. According to a recent study by IBM, the average time to identify a breach is 206 days, and the average time to contain a breach is 73 days.

Good stewards of their vehicles practice preventative maintenance by changing the oil regularly, making sure all the fluids are topped off, filling the air in the tires, etc. They buy extended warranties or auto protection policies from companies like AAA for emergency road services for quick relief with a tow, opening a locked car, changing a flat tire, jumping dead batteries and more.

Prevention and recovery ultimately save time and money, reduce risk and give us peace of mind.

If a person drives a vehicle daily for years without any degree of protection coverage beyond preventative maintenance, the likelihood of a costly mishap is very high. The same is true for businesses believing they're safe because they have antivirus and endpoint protection. It's easy to be confident and complacent until something bad inevitably happens.

Cyber breaches occur for myriad reasons. They happen when security patches aren't completed in time; when antimalware products haven't been updated due to human error or misconfigured systems; and when employees fall victim to phishing attacks.

The percentages for a breach favor the hackers.

It's impossible to block 100% of all cyberattacks. The highest percentage of breaches occurs when novel malware programs are introduced. In fact, during the first day or so of a completely new virus, the average breach protection rate is about half of the time, based on my experience. This means any organization targeted by novel malware has a 40%-50% chance of getting breached. I don't like those odds.

After the first day or two, the protection percentage increases to approximately 80%, based on my experience. After a week, the rate is above 90%. Of course, these percentages are based upon how quickly the signature, AI behavior lists or other updates are released. Instant recovery solutions can recover data and systems when protection fails. Together, prevention and instant recovery can protect roughly 99.999% of the time an organization's data and systems fall victim to known or unknown attacks. You may not see these percentages published in the media. But, as an industry insider, having worked in major security companies for over twenty years, the numbers are fairly accurate.

The challenge in meeting these protection percentages lies in the fact that new viruses are introduced regularly. The sheer numbers of novel viruses, their unknown nature and the sophistication of the technology used all conspire to make IT and security teams hard-pressed to keep up.

Cybersecurity blocking solutions all look for something related to malware. Whether it's suspicious behavior, a file, executable code or script. They look for either good behavior or bad. If they don't know about a bad behavior, they can't block it. And bad actors are always changing their actions, tactics, software, etc.

Before a breach happens, it's sensible to have a plan and instant recovery solution in place. It's important to have another layer of security beyond prevention. Instant recovery allows organizations to proactively defend their data and protect files. Shielding important data prevents a threat from modifying it when an attack finds its way through the blocking solutions. With instant recovery in place, organizations can revert digital files and devices back to pre-attack state.

Don't become complacent, even when you have cybersecurity products.

There are many prevention products and services — antimalware, cloud security, email security, endpoint security, etc. The intent of these products is to block attacks. Unfortunately, it's impossible to block them all. You will not find a single vendor that can guarantee 100% protection against cyberattacks. Even organizations that deploy every product listed above are still vulnerable.

While we can't prevent all attacks, we can prevent some breaches. We may get relief when attacks are thwarted by a prevention product, but best not to become overly confident. Most of us have read the notice on a vehicle's side mirror that states, "Objects in mirror are closer than they appear." Security products promise a degree of safety that may be unrealistic. Cyberattacks are always a breath away, ready to storm our defenses.

Businesses need protection from technology and human cyberattacks. I can point out the vulnerabilities associated with manual configuration errors that leave systems vulnerable. Breaches happen when failing to install software security updates, using weak passwords, giving out sensitive information through phishing emails or clicking on a link within a malicious website.

But bad actors also enter a corporate network as a trusted user. For instance, when they manage to gain an employee password or use social engineering to get someone to make a payment to a hacker-controlled server. When bad actors do unpredictable nefarious activity, there are few cyber protection options — no antimalware lists will stop them.

"Prevention or recovery technology?" is the wrong question. Your organization needs both.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?