Why is the 80/20 Rule Important in Cyber Security Practices?

by Brad Garland

Cyber security may be a newer, more complex field, but it shares many rules of thumb with other industries. One of these is the "Pareto principle," which holds that roughly 80% of the effects come from a mere 20% of the causes. In other words, the distribution of cause and effect is usually uneven, and learning to work with that unevenness can be vital for any business.

The Pareto Principle and Cyber Security

You may be wondering how this relates to cyber security, or to cyber security consulting. The answer is simple: not all threats carry the same amount of risk. Applying the Pareto principle means focusing your resources on the attacks that are both likely and capable of doing the most damage before worrying about minor bugs and inconveniences.

Many cyber security consulting firms attempt to cover all possible bases with a one-size-fits-all approach. This can be very harmful: it gives low-level risks the same attention as high-level ones, so the more immediate issues are not dealt with properly because resources have been misallocated.

Assessing Incident Response Processes

In order to prevent these issues, you should start by analyzing your incident response processes. Try using the following steps: 

  1. Start by looking at the discovery, analysis, mitigation and closure phases of your incident response process. Measure how many resources (people, hours, tooling) each phase consumes. Once you know that, move on.
  2. Next, work on shortening your discovery phase. If you use outsourced services, make sure you are working with qualified and experienced cyber security consulting firms that understand your environment and will implement processes that fit it and scale with it. Make sure the right people with the right skill sets are working on the right tasks, and that the resources needed for that collaboration are ready.
  3. Improve the analysis and mitigation phases. By collaborating and sharing threat information and response tactics, you should be able to make these processes more efficient for everyday use.

Tip: don't forget to include your external security firm, as they can lend valuable experience and perspective. 

  4. Once you've reached the closure phase, you have to learn to open up. Most companies prefer to sweep their bad days under the rug; what you should do instead is find ways to share those details appropriately, so that others can learn from your experience. This can be done anonymously or through a credible resource established to facilitate collaboration. Doing this also helps you be more proactive moving forward.

Tip: If possible, integrate these incidents into your company-focused training; when done properly it strengthens the team. Just remember not to embarrass a team member or department in the process.  
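The two measurements the steps above call for (how much effort each phase consumes, and which incident categories account for the bulk of the damage) can be computed from an incident log. The following is an added example, not code from the original article or from Garland Heart; the incident records, the per-phase hour counts and the impact figures are constructed sample data, and the 80% cut-off is a parameter you would tune to your own environment.

```python
"""Pareto analysis of a constructed incident log.

Answers two questions from the assessment steps:
  1. What share of analyst effort does each IR phase consume?
  2. Which incident categories account for ~80% of total impact,
     and which categories eat effort without proportionate impact?
"""
from collections import defaultdict
from dataclasses import dataclass

PHASES = ("discovery", "analysis", "mitigation", "closure")


@dataclass(frozen=True)
class Incident:
    category: str
    hours: dict     # phase name -> analyst hours spent in that phase
    impact: float   # estimated loss, arbitrary units (constructed)


# Constructed sample data for illustration only; not real incidents.
INCIDENTS = [
    Incident("phishing",     {"discovery": 2,  "analysis": 3,  "mitigation": 2,  "closure": 1},  5),
    Incident("phishing",     {"discovery": 1,  "analysis": 2,  "mitigation": 1,  "closure": 1},  3),
    Incident("ransomware",   {"discovery": 40, "analysis": 30, "mitigation": 60, "closure": 10}, 500),
    Incident("lost_laptop",  {"discovery": 1,  "analysis": 1,  "mitigation": 1,  "closure": 1},  2),
    Incident("web_app_sqli", {"discovery": 30, "analysis": 20, "mitigation": 15, "closure": 5},  120),
    Incident("malware",      {"discovery": 6,  "analysis": 4,  "mitigation": 4,  "closure": 2},  20),
    Incident("misconfig_s3", {"discovery": 20, "analysis": 5,  "mitigation": 2,  "closure": 3},  60),
    Incident("phishing",     {"discovery": 1,  "analysis": 2,  "mitigation": 1,  "closure": 1},  4),
]


def total_hours(inc):
    """Analyst hours across all phases for one incident."""
    return sum(inc.hours.get(p, 0) for p in PHASES)


def phase_share(incidents):
    """Step 1: fraction of all analyst hours spent in each IR phase."""
    totals = defaultdict(float)
    for inc in incidents:
        for phase in PHASES:
            totals[phase] += inc.hours.get(phase, 0)
    grand = sum(totals.values())
    return {p: totals[p] / grand for p in PHASES}


def pareto(incidents, key, threshold=0.8):
    """Rank categories by the summed `key` value and return the smallest
    top-ranked set whose cumulative share reaches `threshold`, as a list
    of (category, cumulative_share) pairs."""
    by_cat = defaultdict(float)
    for inc in incidents:
        by_cat[inc.category] += key(inc)
    total = sum(by_cat.values())
    ranked = sorted(by_cat.items(), key=lambda kv: kv[1], reverse=True)
    result, cum = [], 0.0
    for cat, value in ranked:
        cum += value / total
        result.append((cat, round(cum, 3)))
        if cum >= threshold:
            break
    return result


def effort_vs_impact(incidents):
    """Per-category (effort_share, impact_share). A category whose effort
    share far exceeds its impact share is where resources are misallocated."""
    effort, impact = defaultdict(float), defaultdict(float)
    for inc in incidents:
        effort[inc.category] += total_hours(inc)
        impact[inc.category] += inc.impact
    e_total, i_total = sum(effort.values()), sum(impact.values())
    return {c: (effort[c] / e_total, impact[c] / i_total) for c in effort}


if __name__ == "__main__":
    for phase, share in phase_share(INCIDENTS).items():
        print(f"{phase:<11} {share:6.1%} of analyst hours")
    print("Categories covering 80% of impact:", pareto(INCIDENTS, lambda i: i.impact))
    print("Categories covering 80% of effort:", pareto(INCIDENTS, total_hours))
    for cat, (e, i) in sorted(effort_vs_impact(INCIDENTS).items(), key=lambda kv: kv[1][0] - kv[1][1], reverse=True):
        print(f"{cat:<13} effort {e:6.1%}  impact {i:6.1%}")
```

On the constructed data, two categories (ransomware and the web application injection) account for over 80% of impact, while the three phishing cases consume a larger share of effort than their share of impact; that gap is the signal that triage rules or playbooks for the low-impact category should be cheapened, and that discovery (the largest phase by hours here) is where a shorter path to detection pays off most.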

Keeping Watch Over Infrastructure

Finally, think carefully about your company's infrastructure. Avoid expensive and overly complex IT "solutions" adopted for the sake of the technology. Make sure each solution addresses a specific risk and, more importantly, that your staff and business have the expertise and time to support it. Shift your effort-to-risk ratio so that it is aligned with the Pareto principle: the most effort goes to the risks that cause the most damage. These steps, combined with sensible investments in system upgrades, hardware tracking and maintenance, should give you what you need to maintain an enterprise-wide Information Technology & Compliance Program and to limit the impact of potential breaches or failures.  

That aside, don't hesitate to ask us for help. If you want to ensure the safety of your IT systems with an experienced cyber security consulting company, look no further than Garland Heart.
