The 80/20 Rule, or Why Choose a Risk-Based Strategy
By: Frédérik Blais
Before we get into the nitty-gritty, let's first lay the cards on the table and get a picture of the situation. What's going on in the world of cybersecurity right now? Why are so many companies getting hacked day after day? Let's take a closer look at what the big picture is and how we can address it with the 80/20 risk-based strategy.
Advanced Hacking Techniques vs. Inadequate Cyberdefense
First, let's take a look at the problem. On one side we have the hackers. To begin with, we must understand that hacking can be very, very lucrative. In many cases, hackers make a career out of it and earn their living this way. Therefore, their daily tasks boil down to two things: finding a thousand and one ways to defeat the security tools put in place by organizations and continuously inventing new hacking methods in order to penetrate your network as easily as possible. So far, there are more than 200 known hacking techniques, including ransomware, brute force attacks, or code injections, to name only the best known.
On the other side of the fence – you guessed it – are you and every company targeted by these hackers. The problem is made more severe because companies consistently underestimate the risks of hacking or ignore them entirely. To make things worse, we see a growing number of vulnerabilities in companies in Quebec and Canada (and worldwide as well): in their systems, servers, and software, and in human error. In addition, there is currently a major shortfall of specialized cybersecurity analysts, and the majority of the cyberdefense tools organizations use are obsolete. Outdated tech, no specialists, and staff who aren’t educated about security protocols – it’s a potent mix that hands hackers a significant advantage.
The 80/20 Strategy
There are many ways to improve an organization's cybersecurity. What we see now in organizations are measures that are applied by intuition or by imitation, without any real knowledge of the particulars of the organization's risk profile.
The 80/20 strategy, on the other hand, has been developed through our many years of experience helping clients address their specific cybersecurity issues. It’s basically about taking concrete, targeted actions to improve cybersecurity. In other words, we align cyberdefense measures with your company's cyber risks. We begin by detecting and understanding what the top cyberthreats targeting your organization are, and then implement the best possible solutions to mitigate the risks we’ve identified.
80/20 in Five Steps
1- Collect and Document the Cyberthreats That Affect You
First, collect data from your IT team as well as information on the cyberthreats known to target your industry. The goal is to understand the risks related to your business based on facts and real data, and to target your defense strategy at these real threats.
2- Establish a Gap Analysis
Once we’ve identified the risks affecting your organization, prioritize them and determine which threats are most likely to occur. Then do a gap analysis comparing the cyberthreats targeting you with the cybersecurity measures you have in place. In this step, you will create a matrix to help visualize your results. This gives you a single picture of your ability to defend yourself and identifies the gaps in your cyberdefense.
3- Communicate Cyberthreats Across the Organization
Step 3 is to present the gap analysis to senior management. You can use the matrix produced in Step 2 as a visual aid to give a quick overview of the situation to the executives. It will be a useful support to help you justify investments in new measures and/or resources. It’s important to keep senior management informed at all times and to provide them with regular updates to communicate progress.
4- Implement Cybersecurity Measures and Mitigate Risks
As you will have noticed during the gap analysis, the traditional tools like firewalls and antivirus that you thought were protecting you don’t give you coverage against all the threats that target you. At this stage, you need to put in place the tools that will allow you to counter the risks you’ve identified during the gap analysis. It’s not abnormal to have two tools that protect you against one type of risk. But if you have three or four tools for a single risk, we strongly advise you to review the distribution of your investments in cybersecurity tools.
5- Maintain Active Monitoring
The final step is to understand that there is no final step. Computer security is not static. Staying ahead of evolving threats requires continuous action and active monitoring. Set aside time daily to analyze the information generated by the security tools in place and redo your gap analysis on a regular basis.
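As an added illustration of Steps 1 to 4 (not code from the article or from StreamScan), the small script below builds the threat-vs-control matrix from Step 2, lists the uncovered threats ordered by likelihood, and flags any risk covered by more tools than the rule of thumb in Step 4 allows. The threats, likelihood scores and tool-to-threat mappings are constructed sample data, not real assessment results.

```python
# Added example, not the article's code: threat-vs-control gap matrix for the
# five 80/20 steps. All threats, scores and tool mappings are constructed data.
# Step 1: collected threats with a likelihood score (1 = low, 5 = high)
THREATS = {
    "ransomware": 5,
    "phishing": 5,
    "brute force on remote access": 4,
    "code injection on web app": 3,
    "insider data exfiltration": 2,
}
# Controls in place, each mapped to the threats it addresses
CONTROLS = {
    "firewall": ["brute force on remote access"],
    "antivirus": ["ransomware"],
    "EDR": ["ransomware", "insider data exfiltration"],
    "email filtering": ["phishing"],
    "MFA": ["brute force on remote access", "phishing"],
    "backup": ["ransomware"],
}
# Article's rule of thumb: two tools per risk is fine, three or four is not
MAX_TOOLS_PER_RISK = 2

def coverage_matrix(threats, controls):
    """Step 2 matrix: {threat: [controls that cover it]} for every threat."""
    matrix = {t: [] for t in threats}
    for control, covered in controls.items():
        for t in covered:
            if t in matrix:
                matrix[t].append(control)
    return matrix

def gap_analysis(threats, controls, max_tools=MAX_TOOLS_PER_RISK):
    """Return the matrix, uncovered threats (most likely first), over-covered ones."""
    matrix = coverage_matrix(threats, controls)
    gaps = sorted((t for t in threats if not matrix[t]), key=lambda t: -threats[t])
    over = [t for t in threats if len(matrix[t]) > max_tools]
    return matrix, gaps, over

def render_matrix(threats, matrix):
    """Plain-text view of the matrix, usable as the Step 3 visual aid."""
    rows = []
    for t in sorted(threats, key=lambda t: -threats[t]):
        tools = ", ".join(matrix[t]) or "GAP"
        rows.append(f"{t:<30} likelihood={threats[t]} tools={len(matrix[t])}: {tools}")
    return "\n".join(rows)

if __name__ == "__main__":
    m, gaps, over = gap_analysis(THREATS, CONTROLS)
    print(render_matrix(THREATS, m))
    print("gaps:", gaps, "| over-invested:", over)
```

Re-running the script after each change to THREATS or CONTROLS is the "redo your gap analysis" loop of Step 5.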
Outsourcing Cybersecurity
If your IT (or security) team is limited, a company like StreamScan, which offers outsourcing services, can be added to your team to help you develop and execute your strategy. Whether you need help conducting a risk assessment, developing a security plan, or implementing a Managed Detection and Response solution, StreamScan has experts with many years of experience who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.
Frédérik Blais is StreamScan’s growth chief and has been helping our customers develop their cybersecurity program for nearly 4 years now.