Canadian ice hockey player, Wayne Gretzky, was once quoted as saying: "I skate to where the puck is going to be, not where it has been."
Former US intelligence expert, Keith Lowry, has advised organisations to take the same approach when protecting their networks against cyber security breaches.
"Until we [adopt] that thought processes within our organisations, we are always going to be chasing a puck instead of being able to prevent or use it to our advantage," he told attendees at the Information Governance and Ediscovery Summit in Sydney.
Lowry -- who led the Edward Snowden counterintelligence damage assessment team -- said organisations must stop looking merely at defensive shields and focus on who on the inside has access to critical-value data.
Alarmingly, he said many organisations do not know where they house their critical data, who has access to that data and what they do with the information once they have access to it.
"If you are unable to answer those questions then you are searching for a needle in a haystack," he said.
Organisations and governments must progress from being reactive to proactive in their security posture, he said. They must discover where adversaries are going to be not where they were "today, yesterday or a month ago."
"We need to find and understand what we possess that the adversaries want and focus on protecting those pieces of information -- those finite targets," he said.
He said although the perimeter is important -- cyber defence, instant response, security operations centres all have to be there -- but those activities alone are defensive and respond after the event has occurred.
"An additional pitfall of relying on post-activity alerting is that it can take days or even months after a significant malicious event has occurred before it is reported. This can caused embarrassment, public scandal, and affect stock prices," he said.
Lowry suggested that organisations create a good intelligence picture of who wants access to their data.
"This is enlightening because you know where the vulnerabilities are and you can wait," he said.
"An organisation that we created an insider threat program for -- there was an employee who had access and transferred 1GB of data to an unauthorised storage device," he said.
"When that occurred, it was thrown over to me and I looked at that data and asked 'does this person have access to critical value data and if so ... are they supposed to transfer it to an unauthorised storage device?"
He said this person was authorised to access the data but the action he took he wasn't supposed to take, which was an indicated that something was wrong.
Sign up for CIO Asia eNewsletters.