Have you ever heard of Pareto's law? This curious rule of thumb says that 20% of the work brings 80% of the result, and vice versa: the remaining 80% of the work brings only 20% of the result. Experts in various fields apply it to their own domains. Economists say that 20% of the population consumes 80% of the resources created, and system administrators say that fixing 20% of the bugs in Windows makes 80% of the problems disappear. Our security engineers apply it to data leaks. It turns out that 80% of software vulnerabilities are accidental, and 20% are intentional. Let's talk about how we use the Pareto Principle in cyber defense.
The Pareto Law (PP), or the 80/20 principle, states that only 20% of efforts give 80% of the result, and the remaining 80% of efforts give only 20% of the result. The mathematical relationship underlying PP was derived by the Italian economist and sociologist Vilfredo Pareto back in 1897.
For a generation, the importance of PP was underestimated. Although a number of economists, including American ones, realized the importance of this law, it was only after the Second World War that two people, simultaneously but independently of each other, began to demonstrate to the world what PP is capable of.
In 1949, Harvard philology professor George C. Zipf discovered the law of least effort, which was in essence a rediscovery and detailed substantiation of PP. Zipf's law states that resources (people, goods, time, knowledge, or any other source of product) self-organize so as to minimize the work expended; therefore, approximately 20% of any resource accounts for 80% of the activity associated with that resource. To demonstrate the constant recurrence of this imbalance in different fields, Zipf examined population statistics, philology, and the dynamics of industry.
Another pioneer in the practical application of PP was the American engineer Joseph Juran, born in 1904 in Romania, a recognized quality guru who stood at the origins of the quality revolution of 1950-1990. He proclaimed the Pareto law (or, as he sometimes called it, "the law of the decisive few") as synonymous with finding ways to improve product quality.
In his view, this law holds in many different areas, for example:
Everyday situations show that most people on the planet wear only 20% of the clothes in their wardrobe 80% of the time.
Pareto's law in life extends to reading books and to the choice of a certain kind of literature. It has been proven that 80% of all the books a person reads in their lifetime give them no useful information and, on the contrary, only strain their eyes and waste their time. Only 20% of the literature read gives a person 80% of all the new knowledge and skills they successfully apply in everyday life.
Criminals are a vivid example in society: 20% of all convicts and prisoners in the world committed 80% of all crimes.
In marketing and sales, the Pareto Principle is best known for its formulation that 80% of profits come from 20% of customers. At the same time, 80% of sales come from 20% of products.
In daily life, it pays to identify the three most productive hours of the day, during which a person can complete up to 80% of all planned activities with the best result.
Criticism of the Pareto principle mostly concerns the mathematics: the real distribution of the effectiveness of efforts leading to a result can be anything and is not necessarily 20/80, and the distribution can change significantly if the selected values are grouped differently.
Another ''pitfall'': the properties of a system are determined by a set of parameters, and the contribution of each of them to a given property can vary significantly. By optimizing the system with an eye only to the Pareto rule, you can get into trouble by getting rid of a parameter that is insignificant for one property but decisive for another. In some cases, especially in the service sector, it is impossible to organize activities so as not to spend energy on the 80% of rarely requested options or other inefficient aspects of the activity. There is a saying in the scientific community: ''20% of scientists make 80% of discoveries and inventions, which would be impossible without the efforts of the remaining 80% of scientists.''
It is challenging to deal with intentional leakage while maintaining a high level of cyber resilience. Information is ''leaked'' deliberately either for money or for personal motives. Accidental leaks most often occur through inattention or through a lack of employee training; for example, a developer uses the wrong function name. Sometimes such cases have very ironic consequences. For instance, in the State of Detroit, the police department accidentally sent out a file with uniform sizes not only for male police officers but also for female ones, with all the chest and waist measurements. Many recipients noted that police officers of both sexes love donuts. At times the consequences can be fatal, as was the case when, as a result of treacherous negligence, ten parcels containing anthrax spores were sent from Utah.
In a large company, there are several ways to set up security controls and protect against employee inattention. First, you need to educate staff about critical security flaws and security resources during the discovery phase. It is rightly said that ''forewarned means protected,'' and the performance of companies that apply this rule is a prime example.
The second stage of protection is the use of DLP (data loss prevention) systems. A DLP system passes outgoing data streams through itself, filtering the data by certain keys (patterns or keywords). When the system detects sensitive information, it raises a threat alert and blocks the transmission. All these methods are good in their own way in different systems and have pros and cons, but what does the Pareto principle have to do with it, you ask? Well, there is another interesting way to deal with leaks.
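Here is a minimal illustration of the filtering step a DLP system performs, added as an example (it is not code from the original article or from any DLP product). It assumes a hypothetical policy of two rules, a Luhn-checked card-number pattern and a keyword list, and runs it over a few constructed messages; the last message carries a 16-digit order reference that fails the Luhn check, which is why the checksum matters for keeping false positives down.

```python
import re

# Constructed sample outbound messages (not real data); the last one contains
# a 16-digit number that is NOT a valid card number and must not be blocked.
SAMPLE_MESSAGES = [
    "Meeting moved to 3pm, see you there.",
    "Customer card 4111 1111 1111 1111 expires 12/26, please process the refund.",
    "Internal memo: CONFIDENTIAL - Q3 margins attached.",
    "Order ref 1234 5678 9012 3456 shipped today.",
]

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_CANDIDATE_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# Hypothetical keyword list; a real deployment loads its policy from configuration.
SENSITIVE_KEYWORDS = ("confidential", "internal only", "do not distribute")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: weeds out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_message(text: str) -> list:
    """Return a list of (rule, evidence) findings for one outbound message."""
    findings = []
    for m in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            # Record only a masked form: the DLP log must not itself become a leak.
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    lowered = text.lower()
    for kw in SENSITIVE_KEYWORDS:
        if kw in lowered:
            findings.append(("keyword", kw))
    return findings


def dlp_decision(text: str) -> str:
    """'block' when any rule fires, otherwise 'allow' (the block-on-detect model)."""
    return "block" if scan_message(text) else "allow"


def run_filter(messages=SAMPLE_MESSAGES) -> list:
    """Apply the filter to every message; return (decision, findings) per message."""
    return [(dlp_decision(m), scan_message(m)) for m in messages]


if __name__ == "__main__":
    for msg, (decision, findings) in zip(SAMPLE_MESSAGES, run_filter()):
        print(f"{decision:5s} {findings} <- {msg!r}")
```

Findings are recorded with the card number masked so that the filter's own log does not become a second copy of the data it protects; in practice the pattern list, keyword list and the choice between alerting and blocking come from policy configuration rather than from constants in the code.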
A month ago, the Dmail extension appeared on the network; it allows you to block access to an email even after it has been sent. For Gmail users, it has a built-in timer that blocks the email a specified time after sending; this can be hours, days, or weeks. Curiously, Google itself recommends this service.
Returning to information security (IS), it should be noted that, according to various expert estimates (including those of NIST, the US National Institute of Standards and Technology), the main cause of damage to electronic information in the late 20th and early 21st century, in about 75% of cases, was unintentional human error. In other words, the share of qualified personnel working in information security was about 20%.
It is known that over the past ten years the annual share of spam in mailboxes around the world has been ~80%, i.e., on average, users received only about 20% of the emails they were actually interested in.
According to Western experts, the leakage of 20% of commercial information in most cases leads to the company's bankruptcy. In other words, 80% of commercial information is of no interest to anyone, including the firm's competitors.
As you know, in ~80% of cases the main perpetrators of computer crimes are employees of the organization, i.e., the number of loyal employees who comply with all the security standards and rules adopted by the company is ~20% of the total workforce.
Based on the above, the following hypotheses can be formulated:
Unfortunately, there is no single formula for winning the battle against cybercrime. However, the Pareto cybersecurity 80/20 principle gives IT leaders practical guidance on how to deal with the issue efficiently: shift effort and resources toward the threats that pose the greatest risk before tackling those with a lower impact on the business. You still have to establish appropriate measures for the remaining cyber risks, but at 80 percent the cybersecurity 80/20 rule means you will have covered all the key bases.
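To make that prioritization step concrete, here is an added example (not from the article) of a Pareto analysis over a constructed risk register: each risk gets an expected annual loss (likelihood times impact, in hypothetical units), the risks are ranked, and the shortest top group whose cumulative loss reaches 80% of the total is returned as the ''vital few''. On this constructed data, 3 of 10 risks cover about 83% of the expected loss, which, as the criticism section above notes, is a Pareto-like split rather than exactly 20/80.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float  # estimated probability of occurring within a year (0..1)
    impact: float      # estimated loss if it occurs, in hypothetical units (k USD)

    @property
    def expected_loss(self) -> float:
        return self.likelihood * self.impact


# Constructed risk register; names and numbers are illustrative, not real findings.
RISK_REGISTER = [
    Risk("Unpatched internet-facing VPN appliance", 0.8, 500),
    Risk("Admin password reused across servers", 0.5, 500),
    Risk("Phishing against mailboxes without MFA", 0.6, 250),
    Risk("No rate limit on login endpoint", 0.4, 100),
    Risk("Outdated TLS cipher suites", 0.3, 100),
    Risk("Stale test account still enabled", 0.3, 100),
    Risk("Verbose error pages", 0.2, 100),
    Risk("Missing security headers", 0.2, 100),
    Risk("Unused open port on an internal host", 0.1, 100),
    Risk("Old JavaScript library on the intranet", 0.1, 100),
]


def ranked_table(risks: List[Risk]) -> List[Tuple[str, float, float]]:
    """Rank risks by expected loss; return (name, expected_loss, cumulative_share) rows."""
    ranked = sorted(risks, key=lambda r: r.expected_loss, reverse=True)
    total = sum(r.expected_loss for r in ranked)
    rows, cumulative = [], 0.0
    for r in ranked:
        cumulative += r.expected_loss
        rows.append((r.name, r.expected_loss, cumulative / total if total else 0.0))
    return rows


def pareto_cut(risks: List[Risk], target_share: float = 0.8) -> Tuple[List[str], float]:
    """Return the 'vital few' (shortest ranked prefix reaching target_share of the
    total expected loss) together with the share it actually covers.
    An empty register yields ([], 0.0)."""
    vital, covered = [], 0.0
    for name, _, share in ranked_table(risks):
        vital.append(name)
        covered = share
        if share >= target_share:
            break
    return vital, covered


if __name__ == "__main__":
    for name, loss, share in ranked_table(RISK_REGISTER):
        print(f"{loss:7.1f}  {share:6.1%}  {name}")
    vital, share = pareto_cut(RISK_REGISTER)
    print(f"\n{len(vital)} of {len(RISK_REGISTER)} risks cover {share:.1%} of expected loss:")
    for name in vital:
        print("  -", name)
```

The cut is deliberately driven by expected loss rather than by raw vulnerability count, which is what makes it a prioritization by business impact; the remaining ''trivial many'' still get the appropriate measures mentioned above, just after the vital few.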
Pareto Principle in IT Security
Written by Ihor D.