Passive defence¶
A decade ago: Keep systems updated, patch immediately, use strong(er) passwords, install anti-malware, use firewalls and proxies, etc.
Now: Keep systems updated, patch even more even faster, use strong(er) passwords, use a password vault and manager, multifactor authentication, biometric authentications, install Next-Gen firewalls, intrusion prevention systems, intrusion detection systems, Next-Gen anti-malware, and Next-Gen proxies. Not to forget Next-Gen tool integrations, maintenance of Next-Gen tools, and dealing with regulations, policies, Next-Gen laws, etc.
Prevention is ideal ofcourse, and that requires detection, and detection without response is of little value …