Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Patch and pray is an approach to cybersecurity that has to do with responding to existing threats and hoping that the results will deter future attacks. It is a common strategy of businesses that do not have the resources to be more proactive about their security.
Essentially, many companies and other parties do not have the resources or the ability to develop foolproof cybersecurity plans. As a result, many aspects of their plans are based on reaction: when a data breach or other type of malicious attack happens, the company addresses it, does damage control and puts solutions in place to stop it from happening again.
The problem with this approach is that cyberattacks evolve and so should cybersecurity. Security experts are recommending proactive cyberintelligence gathering that helps companies to predict cyberthreats and guard against them, instead of waiting for them to happen. For example, the security community often identifies existing viruses, malware applications or cyberattacks, and distributes solutions to inoculate systems against them, much the same way that medical professionals distribute vaccines for illnesses. This is a type of "patch and pray" reaction.
Along with these kinds of strategies, government and private business leaders are now recommending the use of more comprehensive security systems, many of which involve encryption, data shielding, data masking or other methods that will render a number of cyberattacks less effective. One example is the use of comprehensive cloud encryption gateways to encrypt all data emerging out of an internal corporate network. This type of brokered security means that many different kinds of hacking attempts between the internal network and the cloud do not jeopardize corporate data, even if they are successful in hijacking data traffic.
Developing a protective cybersecurity regimen takes time and requires a lot of resources. However, the cybersecurity community is leaning toward this type of model, in order to safeguard valuable data against hackers and unauthorized cyberattackers.