How are Cybersecurity professionals forming their strategy?
It makes a lot of sense to follow lessons learnt, and to have objectives that can be met.
The same issues are clear in other defence avenues.
We're constantly suffering from being behind and not being able to proactively stop new attacks.
Our strategy needs to put us in the driving seat and do better than just reacting.
An article i read on military defence listed four aspects of that strategy and in Cybersecurity terms they could look like this: 192.168.l.l routerlogin 192.168.0.1
With the first three we should be superior to other systems when applying countermeasures.
It would be good to exchange views on strategy choices and see how objectives are going to be met.
If your query is about countermeasure to technical attacks, assuming that you have the basic security practices in place Mitre ATT&CK would be a good place to start.
A couple of key items to consider in developing a cybersecurity strategy.
1. Are you following a cybersecurity framework that best aligns to the mission of your business? ISO 27001, NIST or NIST CSF?
2. Do you have a current, accurate and complete IT asset inventory (including OS, firmware, and applications)?
A current topology diagram that not only depicts the IT architecture but also the flow of information to and from the organization.
3. Do you have a full understanding of the business's mission critical functions? And the business's future objectives and goals? What areas is the business willing to accept / manage risks.
Having this information, will give you a high overview of the "as-is" status and good start towards organizing a "to-be" status and importantly resourcing a cybersecurity strategy.
Hope this helps. All the best.