Cyber prevention or mitigation… Why can’t it be both?

The technology market today is being flooded with security solutions from across the globe that claim to be unique and practically unbeatable. But when it comes to defence, do you prioritise attack prevention or damage mitigation?


This is a contributed article by Guy Golan, CEO of Performanta.

Over the years, the cybersecurity market has split into two factions – those dedicated to attack prevention, and those who provide solutions for damage mitigation. But as the threat of attack continues to grow, can businesses really afford to favour just one form of protection?

When it comes to our homes, we have locks on our doors to prevent intruder entry, and a burglar alarm to respond swiftly in case of a break-in. We would never choose one over the other. Having only attack prevention strategies makes it harder to locate and block adversaries once they get in (which they will), while damage mitigation alone fails to take the proactive approach needed to limit the likelihood of attacks in the first place.

As the cost of cybercrime and data breaches continues to rise in both financial and reputational terms, it’s time to end the debate over which approach is more important. Businesses need to be both proactive and reactive – one fatal blow could bring a company to its knees.

Identify the enemy

Businesses are navigating a minefield when it comes to defending their networks due to the increase in attack vectors, and adversaries getting bolder and more sophisticated over time.

As it stands, ransomware remains the biggest threat to organisations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase compared to the previous year. The repercussions of such an attack can be huge: financial costs of getting systems back online; the time and money required to recover lost assets; regulatory implications because of compliance failures; and the long-term damage to business reputation for experiencing a breach.

Given the severity of the threats currently darkening our doorways, why is the debate between attack prevention and damage mitigation still ongoing?

The need to lower the risk AND limit the impact

Cybersecurity has significantly evolved over the years, with business networks now extending beyond the four walls of an office. It is no longer enough to rely on endpoint protection and firewalls to defend the organisation.

So naturally, businesses turn to the cyber market to pick out their next solution to add to the security stack. Thanks to the exponential rise in attacks, cyber investment has skyrocketed. The DCMS Annual Cyber Sector report showed that the cyber industry contributed around £5.3 billion to the UK economy in 2021, rising by a third on the previous year.

But despite this increase in investment, attackers are still breaching their targets. And the unfortunate reality is, they will continue to do so. This is why businesses choose to prioritise damage mitigation – if there’s no stopping attackers, then limit what they can reach.

While a valid attitude, it’s unwise for organisations to neglect a prevention approach. Organisations need to proactively monitor for threats, not only to help protect critical business assets, but to harvest invaluable insight into criminal attack trends to feed into future defence strategies.

The next steps

Addressing a business’s cybersecurity is a daunting task, with teams often overwhelmed by the incoming risks and subsequent needs to evolve defences from both a prevention and mitigation standpoint. Here are a few key considerations to get companies started:
Compliance is an absolute must, but it does not reflect the level of security that businesses ought to be adopting. Organisations should focus on risk-based security, dedicating efforts to understanding what the business risks are, and how they translate to cyber risks.

Real time data

Teams should work tirelessly to gain real-time insight into what their security controls look like and how they’re functioning. Without this level of knowledge, it’s impossible to paint a picture of which controls protect which parts of the network, and which parts are left defenceless. A real-life example would be a mansion with 50 doors. To achieve complete security, the occupants need to know the exact number of entrances, whether each door is locked, and how many of those are also alarmed. Without this data, security becomes a dangerous guessing game.
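The mansion analogy translates directly into a control-coverage check: list every entrance (asset), record which preventive controls (locks) and which detective controls (alarms) each one has, and report the ones missing either. The script below is an added illustration, not code from the article or from Performanta; the asset inventory and the control names in it are constructed for the example, and which controls count as "preventive" versus "detective" is an assumption a team would adjust to its own stack.

```python
"""Control-coverage check: which assets are protected by which controls,
and which are left without a lock, an alarm, or both.

Added example, not from the original article. The inventory below is
constructed sample data; the control categories are assumptions.
"""
from collections import defaultdict

# Assumed split of controls into the article's two families:
# locks (prevention) and alarms (detection / mitigation).
PREVENTIVE = {"mfa", "firewall", "patching"}
DETECTIVE = {"edr", "log_forwarding", "alerting"}

# Constructed inventory: asset name -> set of controls currently in place.
INVENTORY = {
    "vpn-gateway":   {"mfa", "firewall", "patching", "log_forwarding", "alerting"},
    "hr-fileshare":  {"firewall", "patching"},   # locked, but nobody would hear a break-in
    "legacy-erp":    {"log_forwarding"},         # alarmed, but the door is open
    "marketing-cms": set(),                      # neither lock nor alarm
    "payroll-app":   {"mfa", "patching", "edr", "alerting"},
}


def classify(inventory):
    """Map each asset to one of: 'both', 'prevention_only',
    'detection_only', 'none', based on which control families it has."""
    result = {}
    for asset, controls in inventory.items():
        locked = bool(controls & PREVENTIVE)
        alarmed = bool(controls & DETECTIVE)
        if locked and alarmed:
            result[asset] = "both"
        elif locked:
            result[asset] = "prevention_only"
        elif alarmed:
            result[asset] = "detection_only"
        else:
            result[asset] = "none"
    return result


def coverage_summary(inventory):
    """Return (counts per category, sorted list of assets lacking full cover).

    The 'gaps' list is the actionable output: every entrance that is not
    both locked and alarmed."""
    classes = classify(inventory)
    counts = defaultdict(int)
    for category in classes.values():
        counts[category] += 1
    gaps = sorted(asset for asset, category in classes.items() if category != "both")
    return dict(counts), gaps


def control_to_assets(inventory):
    """Inverse view: for each control, which assets rely on it.

    Useful when a control fails or is being replaced, to see the blast
    radius before touching it."""
    dependents = defaultdict(set)
    for asset, controls in inventory.items():
        for control in controls:
            dependents[control].add(asset)
    return {control: sorted(assets) for control, assets in dependents.items()}


if __name__ == "__main__":
    counts, gaps = coverage_summary(INVENTORY)
    print("coverage by category:", counts)
    print("assets needing attention:", gaps)
    for control, assets in sorted(control_to_assets(INVENTORY).items()):
        print(f"  {control:<15} protects {len(assets)} asset(s): {', '.join(assets)}")
```

Run against a real inventory the interesting number is not how many controls were bought but how many entrances end up in the `gaps` list; feeding the script from a CMDB or asset-discovery export rather than a hand-written dictionary is what turns it into the real-time view the section calls for.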

Contextualise risk

Breaking down risk into different contextual groups is vital. This includes grouping by time, and by relevance to a department, to people, or to data. Businesses need to understand which risks are imminent and which are general, so they can quantify them in terms of a defence mechanism.

An open culture

Organisations should promote a culture that encourages regular sessions between the CISO and their team with real-time data to take action against each risk. While this can be a tall order for organisations, especially given the extraordinary pressures already on their shoulders, it’s becoming essential. As technology advances, businesses need to evolve their strategies to get the most out of their systems. Organisations need a unified culture and real-time data to lower the risk and reduce the impact – tackling both ends of cybersecurity.

A double-pronged defence

As the stakes for businesses rise, the pressure to evolve cybersecurity strategies has never been so high. On top of the usual suspects, major organisations – particularly those involved with national critical infrastructure – are becoming more vulnerable to nation-state attacks. The recent warnings of Russian cyberattacks against critical infrastructure are a prime example. And while it is not the responsibility of one organisation to defend its country from a national attack, each contribution is invaluable.

There are countless other threats emerging over the horizon that could put today’s ransomware attacks to shame. Technologies like quantum computers will redefine the landscape and open avenues that currently don’t seem possible but will become a reality.

Unfortunately, there is no silver bullet for cybersecurity, but there is always room for businesses to improve their security posture. After all, a successful attack is dependent on three factors: a vulnerable network, an accessible device, and a persistent attacker. Organisations have control over two of those elements.

Budget allowing, there are security solutions that could provide the security businesses seek. But the most important aspect of cyber is mindset. Having a complete understanding of the threats towards a business is a powerful asset and should never be underestimated. Technology is just a tool; the real defence lies within the workforce itself.

Guy Golan is the CEO and co-founder of the Performanta Group, and leads the culture vision, strategy and global expansion for the group, pioneering modern cyber security solutions for organisations worldwide. Golan focuses on building sustainable and mutually beneficial relationships with both customers and partners, giving him a deep understanding of the ever-evolving and dynamic needs of the information security landscape.