There are two ways to categorize how we respond to security threats. A company should not focus on just one of them but on both strategies. Why? You'll understand once you have gone through the examples below.
Let us say you are a system administrator at your college and I am an attacker (maybe one of the students). You know what attackers usually do, so you have some preventive measures in place, like securing Wi-Fi with walls that keep the signal from leaving the room, and you have taken some other measures too.
You saw me escalate my privileges on one of your systems, and you are fighting against it and preventing any further break-in.
You are a really good sysadmin: you do regular updates on all your Linux boxes and Windows servers. Great.
All of this falls under proactive strategies or measures.
Reactive measures are taken after the attack, or some part of it, has been completed. Examples are updating some systems because their credentials have been made vulnerable (expecting that the notorious nerd has planted a huge set of worms since the credentials were leaked), and backing up all your data to prevent any further damage.
This is called a reactive approach.