A countermeasure is a defensive control that reduces the chance of an attack succeeding or limits the damage if it does. In cyber security, countermeasures can be technical, procedural, or operational: patching vulnerable software, enforcing multi-factor authentication, rate-limiting login attempts, isolating systems, or rotating cryptographic keys. The goal is not always to stop every attack, but to make attacks harder, noisier, or less useful.
Countermeasures matter because attackers usually look for the weakest point in a system, not just the strongest. In cryptography, a secure algorithm may still be undermined by poor key management, weak implementation, or bad deployment practices. Good countermeasures address those real-world gaps with threat modeling, code review, access control, monitoring, and safe configuration. In defense planning, choosing the right countermeasure depends on the attack class, the asset at risk, and the impact you want to reduce.