Consciously or unconsciously, companies are still using the Pareto Principle to secure their organisation’s IT infrastructure, focusing their efforts and budget on the security gaps affecting 80% of the organisation and leaving the remaining 20% of the organisation vulnerable to attack. This 20% is often found in legacy systems too complicated or costly to secure or to upgrade, so they are ignored.
Sometimes it is 20% of the staff, typically the executives who prefer comfort to security, who open themselves to things like whaling attacks. On the flipside, hackers also apply the 80/20 rule, fine tuning their efforts to specifically target that 20% that companies fail to secure to produce 80% of their results.
“Simply put, that 20% that companies fail to secure is where hackers place 80% of their efforts. They do their homework. They know where companies are vulnerable and that is what they focus on,” says Willie Stebbing, an IT expert at Securicom.
The company’s Richard Broeke agrees saying that with intensifying focus on newer threats, companies are no longer paying attention to the basics – like antivirus and anti spyware on endpoints. Stebbing says that minding the ‘Pareto Principle gap’ requires regular assessment of all systems to identify vulnerabilities. “Vulnerability assessments are an eye opener. Specialised vulnerability assessments test for gaps and vulnerabilities in the environment. It’s like looking at the IT architecture through the eyes of a hacker to see where gaps and loopholes could be used to compromise it.
He concludes: “It is extremely important that all software in your IT environment gets assessed and updated on a regular basis. Install software patches promptly, monitor networks for suspicious activity, and monitor and quarantine devices that show unusual behaviour.”
For more information contact Securicom at www.securicom.co.za
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version