Offensive vs. Defensive Cybersecurity
Defensive cyber security includes an organization’s efforts to protect itself against attacks. Deploying security solutions, enacting security policies, training employees to recognize phishing attacks, and similar efforts all fall under the defensive umbrella. Defensive cyber security includes both proactively attempting to prevent cyberattacks from occurring and reactively attempting to identify, block, and mitigate ongoing attacks.
In essence, offensive cyber security is what defensive cyber security is working to protect against. Cybercriminals test, circumvent and break through an organization’s defenses to steal data or cause damage. Ethical hackers test, circumvent, and break through an organization’s defenses to find the holes to fix them before a real attacker can take advantage of them.
A mature cyber security program incorporates both offensive and defensive cyber security activities. The combination protects against cyber threats and refines and improves these defenses by using offensive cyber security techniques. Offensive techniques can help to identify weak points in the system and develop strategies to address them. A defensive system can be more robust and secure by proactively seeking out potential security flaws. Additionally, offensive techniques can be used to test the effectiveness of existing security measures.