The university of tulsa Online Blog

Trending topics in the tu online community

What’s Defensive Cybersecurity?

Written by: University of Tulsa   •  Mar 1, 2024
Cybersecurity professionals meeting in a conference room.

What’s Defensive Cybersecurity?

Businesses and organizations of all sizes know the importance of defending their networks and systems from cybercrime. The increasing sophistication of cyber threats demands a more systematic approach to cybersecurity, and prevention is a key focus. Defensive cybersecurity aims to prevent cyber attacks by safeguarding everything from an organization’s systems and software to its full network infrastructure. 

The costs associated with cybercrime are projected to reach $10.5 trillion per year by 2025, according to McKinsey & Co.. More than 3.5 million open cybersecurity positions exist around the world to combat these costly attacks. An online Master of Science (M.S.) in Cyber Security can offer the advanced defensive cybersecurity skills required to fill these positions and protect organizations from cybercriminal activity. 

The Differences in Offensive and Defensive Cybersecurity

The vast scope of cybersecurity can be divided into two branches of cybersecurity specialties: offensive and defensive cybersecurity. While both take proactive steps to protect networks and data, they use different strategies and practices to achieve that goal. 

Offensive Cybersecurity

Offensive cybersecurity strategies employ some of the same tactics that a real-world cybercriminal might employ to gain access to data, systems, or networks. Penetration testing and vulnerability assessment are common forms of offensive cybersecurity that can help organizations understand where they need to focus their efforts. 

Defensive Cybersecurity

Defensive cybersecurity focuses on implementing protective safety protocols that predict and prevent attacks. The most common examples are strong passwords, encryption technology, firewalls, and secure email gateways. Defensive cybersecurity focuses on measuring risk and detecting threats long before they become reality. 

Defensive Cybersecurity: 7 Steps

Defensive cybersecurity can be quite complex, particularly when it involves an organization’s most critical assets. Modern cybercriminals often have advanced education and access to cutting-edge technology, making them formidable and cunning adversaries. 

To combat this, cybersecurity professionals use standardized redundant security measures to prevent covert attacks. Redundancy consists of applying several layers of protection to every part of an organization’s network. If the first layer fails, one or more additional layers still exist.

Developing, implementing, and maintaining an appropriate defensive cybersecurity plan requires forethought and skill. Cybersecurity specialists use a seven-step process that serves as a framework for developing functional and effective security measures.

1. Risk Assessment

Before a company or an organization can defend itself from an attack, it must first understand the unique risks. Risk assessment focuses on determining the critical assets, discovering the most pressing vulnerabilities, and identifying the potential losses that can occur if a breach is successful. 

2. Policy Development

The next step involves developing policies that specifically mitigate risks uncovered during the first step of the process. For example, many organizations choose to increase their employees’ password requirements, adopt more powerful encryption technologies, and use more sensitive threat detection systems. Policy development also includes creating incident response and recovery plans that will be implemented in the event of a cyber attack. 

3. Implementation

The third step in the process involves implementing the policies created to mitigate risks. It can include updating the organization’s firewall and prompting employees to immediately change their passwords according to the new security policy. 

4. Monitoring

Monitoring is one of the core components of a successful defensive cybersecurity operation. After implementing the new policies, the cybersecurity team must monitor the systems for effectiveness, and they often use automation and other technology to help them discover suspicious or malicious activity. The team must also determine whether the implementation of new policies has negatively impacted workflow and efficiency. 

5. Incident Response

Even the best cybersecurity teams can’t provide full protection from every conceivable attack. As such, organizations must be prepared to respond to incidents quickly. Following the defensive cybersecurity process and developing a thorough incident response policy ensures that everyone immediately knows what to do in the event of an attack or a breach. This saves time and money, and it can even reduce the severity of an attack. 

6. Recovery

The recovery process begins as soon as a cyber threat has been successfully mitigated through incident response. Information technology (IT) downtime costs businesses from $140,000 to $540,000 an hour, depending on the size and scope of the company, according to Gartner. Recovery is the process of minimizing downtime by restoring or rebuilding systems as needed. 

7. Review

The review process helps organizations and cybersecurity teams better understand how and why an incident occurred, what could’ve been done to prevent it, and what can be done now to prevent similar incidents in the future. Because technology and cyber threats are always evolving, organizations need to regularly review their complete defensive cybersecurity strategies and adjust them as necessary. 

Deliver Expert Protection to Organizations of All Sizes

Companies around the world are taking cybersecurity seriously. Gartner predicts that global security and risk management spending will reach $215 million in 2024, a 14% increase from the roughly $188 million spent in 2023. These increased budgets allow organizations to hire skilled professionals who can use their knowledge and skills to effectively protect networks of all sizes from cybercrime. 

The online M.S. in Cyber Security degree program at The University of Tulsa teaches the fundamentals of cybersecurity alongside the tools required to adapt to new technologies and new cyber attacks as they arise. Discover how you can save organizations money and prevent potentially devastating attacks by implementing defensive cybersecurity processes. 

Recommended Readings

8 Reasons Demand for Cybersecurity Professionals Will Keep Rising

Cybersecurity and AI: A Changing Landscape

Cybersecurity Defense Strategies: The Role of Cybersecurity in National Security


CompTIA, “What Is Defense in Depth and How Can You Achieve It? Pro Tips for Proactive Cybersecurity”, What Is Cyber Defense?

Gartner, Business Insights & Trends

Gartner, Gartner Forecasts Global Security and Risk Management Spending to Grow 14% in 2024

McKinsey & Co., “Cybersecurity Trends: Looking Over the Horizon”

McKinsey & Co., “What Is Cybersecurity?”

Redpoint Cybersecurity, Comparing Offensive vs. Defensive Cybersecurity

TechTarget, Network Downtime

Learn more about the benefits of receiving
your degree from The University of Tulsa