Proactive verse Reactive in computing/network security

​Just in the last week, a number of security breaches have occurred that are almost too unbelievable to comprehend.   Organized crime and State Sponsored hackers are getting so sophisticated that even companies that specialize in “Security” are being targeted, and many of their customer base are being infected.  Solarwinds, a company that markets many software products to the IT marketplace experienced a security breach that affected a particular product they call Orion.  One of their “software updates” that they provide to their customer base was compromised.  Unsuspecting companies that proactively updated their software, were hit with security breaches because of the compromised software update.  We’re talking about large organizations and government departments that have been infected by this breach, giving the hacker’s backdoor access into their networks.  The US Department of Treasury and Commerce departments and US Department of Homeland Security are on the list.  FireEye, a cybersecurity company was also hit, and as a result, a number of their proprietary tools for penetration testing on client networks was stolen by the hacking group.  Solarwinds estimate that 18,000 of its customers downloaded the compromised update software.  There will be a lot of “reactive” work involved by these companies to check for collateral damage on their systems and establish how their systems have been compromised as well.  Heightened awareness and security practices are paramount for companies to survive in this global internet communication era.