This is not a simple question, especially when it comes to cybersecurity, but there is actually a simple illustration that can help answer it.
Think for a moment about physical security of a building, whether it is your home or your place of business. What do you have in place to secure it?
In general, about a dozen items come to mind: doors, locks, a fence, an alarm, motion detection, monitoring, a neighborhood watch, a dog, a gun, the police or a security guard.
In reality, it is not the individual controls but the system they form that provides security. Each component falls into one of three categories: protection (keeping intruders out), detection (noticing when they get in), and response (dealing with them once they are noticed).
Now think about this. Which category is MOST critical to security? Most people will initially answer that the first category, protection, is the most critical. But suppose someone manages to get past your locked door, bank vault, or firewall. What is providing security at that point?
Category 3, response, you might say. And eventually that may help. But what if that breached door, vault or firewall goes unnoticed for days, months or even years? What good is the response if it is not timely?
There’s the “Aha” moment. Detection is critical to security. You can’t prevent all unauthorized access, and you can’t respond until you detect.
Make no mistake, all three categories matter for deterring and minimizing risk. But if you are like many organizations, when it comes to cybersecurity you have plenty of proactive protection (firewalls, patching, security testing), little or nothing in detection (IDS/IPS, endpoint detection, 24/7/365 monitoring), and perhaps even less in response (an incident response plan, disaster recovery, even cyber insurance coverage).
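To make the "you can't respond until you detect" point concrete, here is an added example (it is not code from the original post). It runs a small, hypothetical brute-force-then-success rule over a handful of constructed sshd log lines and then measures dwell time: how long the attacker's successful login sits unnoticed before anyone sees the alert. With real-time monitoring the dwell time is the alert time itself; if alerts are only looked at during a periodic manual review, the dwell time stretches to that review; if no rule fires at all, there is nothing to respond to. The rule name, threshold, window and sample log lines are all assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not from the original post): one source
# fails five logins in quick succession, then succeeds; a legitimate user
# logs in hours later. Timestamps are ISO-8601 (assume UTC).
SAMPLE_LOG = """\
2024-03-01T02:14:01 sshd[1201]: Failed password for admin from 203.0.113.7 port 51022
2024-03-01T02:14:03 sshd[1201]: Failed password for admin from 203.0.113.7 port 51023
2024-03-01T02:14:05 sshd[1201]: Failed password for admin from 203.0.113.7 port 51024
2024-03-01T02:14:07 sshd[1201]: Failed password for admin from 203.0.113.7 port 51025
2024-03-01T02:14:09 sshd[1201]: Failed password for admin from 203.0.113.7 port 51026
2024-03-01T02:14:12 sshd[1201]: Accepted password for admin from 203.0.113.7 port 51027
2024-03-01T09:30:00 sshd[1340]: Accepted publickey for alice from 198.51.100.5 port 40210
"""

# Hypothetical line format for the constructed log above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(log_text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Hypothetical detection rule: alert when a source racks up >= threshold
    failed logins inside `window` and then logs in successfully.
    Returns a list of (alert_ts, src, user). Events must be in time order."""
    alerts = []
    failures = {}  # src -> timestamps of its recent failures
    for ev in events:
        recent = [t for t in failures.get(ev["src"], []) if ev["ts"] - t <= window]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
        elif len(recent) >= threshold:
            alerts.append((ev["ts"], ev["src"], ev["user"]))
            recent = []  # do not re-alert on the same burst
        failures[ev["src"]] = recent
    return alerts


def dwell_seconds(events, review_at=None, **rule_kwargs):
    """Seconds between the attacker's successful login and the moment someone
    actually sees the alert. review_at=None models 24x7 monitoring (seen at
    alert time); review_at="<ISO-8601>" models a periodic manual log review
    (seen at that review). Returns None when the rule never fires: there is
    no detection, so no response can start."""
    alerts = detect_bruteforce_success(events, **rule_kwargs)
    if not alerts:
        return None
    breach_ts = alerts[0][0]
    seen_at = breach_ts if review_at is None else max(breach_ts, datetime.fromisoformat(review_at))
    return int((seen_at - breach_ts).total_seconds())


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for ts, src, user in detect_bruteforce_success(evs):
        print(f"ALERT {ts.isoformat()} brute force then success for {user} from {src}")
    print("dwell (24x7 monitoring):", dwell_seconds(evs))
    print("dwell (weekly log review):", dwell_seconds(evs, review_at="2024-03-08T09:00:00"))
    print("dwell (no rule):", dwell_seconds(evs, threshold=10**6))
```

The same breach yields a dwell time of zero under real-time monitoring, about a week under a weekly log review, and no detection at all when the rule does not exist; the response team is only as fast as whichever of those three it is handed.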
A tough question, but the answer is a little clearer now, isn’t it?