What is defensive regression in Cybersecurity?

One of the new things enterprises and information security experts are talking about extensively is defensive regression.
Let’s put this in perspective first.
Imagine that you have been using your grandma’s home remedy of chicken soup every time you get a cold. It’s worked for years, so you don’t question its effectiveness at any stage. Over time, you see that the chicken soup is becoming less and less effective against your cold. What does this mean? Either the microbes have become resistant or your infection is symptomatic of a bigger threat.
This is exactly what defensive regression would mean with cybersecurity too. Everything comes with an expiration date. Your cybersecurity measures may have been robust yesterday, but has there been a ‘regression’ in your defence mechanism since then? This is the core of defensive regression.
Now there are several factors that may contribute to defensive regression. The most common culprit, though, is simply lack of action. When it comes to cybersecurity, there are a few questions that we need to ask ourselves periodically.
- Are all the right processes being followed?
- Is malicious activity being blocked?
- Is malicious activity being detected?
- How is malicious activity being responded to?
- Are we maintaining and utilising firewalls?
- Are all the patches updated?
- Is access being given to the right people?
- Are we keeping all our security intelligence technology updated?
Combating defensive regression requires constant vigilance. Anything from old systems that are vulnerable to attack to human error in management could compromise data, affecting not only business continuity but also branding and the company’s valuation. Rising awareness of this fact is prompting more and more organisations to see cybersecurity as more than an added expense.
The stark reality is that defensive regression is still a problem that we are facing far more than we should. And the solutions are not rocket science. It simply takes a systematic approach to validating that your talent, techniques and technology are all working as expected and removing any assumptions when it comes to the information security of your organisation.

