The 1-10-60 Rule of Cybersecurity Explained


When it comes to cyber security breaches, timing is everything. The faster you can identify and resolve a digital breach, the safer your brand, and your customers' personal data, will be overall. Cyber attacks occur on a daily basis, and it is impossible to prevent all threats or breaches.

But your organization can stay ahead of modern attacks by practicing the 1-10-60 rule of cybersecurity. This rule will help you develop a goal-oriented framework around which to design a comprehensive and responsive security strategy.

What is the 1-10-60 rule of cyber security?

Simply put, the 1-10-60 rule of cyber security is a goal that your security team should try to achieve through practice, use of modern technologies, and other methods. The rule is intended as a metric to help your team reduce the time it takes to respond to attacks against any vulnerability, including those launched from local endpoints. Ransomware, malware, and other threats require rapid incident response, including threat hunting, remediation, and more.

The 1-10-60 rule of cyber security states that your security team should take:

· One minute to detect a digital breach

· 10 minutes to investigate the breach

· 60 minutes to correct or resolve the breach

Let’s take a closer look at each of these elements one by one.

One minute to identify the breach

The faster you can catch a security incident or breach, the faster you can take steps to resolve it and improve resilience. That’s why the first step to the 1-10-60 rule of cybersecurity is to establish that your business was compromised in the first place.

Your organization should aim for its responders to achieve an average time of 1 minute to detect breaches. In other words, it should take your security team one minute or less to determine that your firewall has been breached or that your brand has been compromised by another digital threat.

In comparison, it takes many organizations many hours or weeks to recognize that they have been attacked or hacked in the first place. The longer it takes, the more vulnerable your business will be to long-term damage or serious digital theft.

10 minutes to investigate the breach

The second component of the 1-10-60 rule of cyber security is taking 10 minutes to investigate the breach. The more information your security team gathers about a digital breach, the easier it will be for them to contain and/or neutralize the problem.

Thus, your team should spend some time investigating the threat, its attack vector, and its likely goals or objective (i.e., opening a larger breach, stealing customer data, etc.). However, never spend too much time on this step; the more time you spend investigating, the less time you have to resolve the issue as the attacker continues their work.

Compared to the average, the time span of 10 minutes is quite fast. Most organizations take a few hours, days, or even weeks to investigate a breach (after taking quite a while to determine that they’ve even been attacked).

60 minutes to repair the breach

The last part of the 1-10-60 rule of cyber security is to spend 60 minutes or less fixing the breach. In other words, you want to patch every digital weakness your security stack has in less than an hour.

The reasons are clear. The faster you fix a breach, the less damage a digital attacker can do to your organization. Most organizations take many hours or days to contain digital threats once they have been detected. But if your team can get that down to less than an hour, the chances of a cyber security attack being particularly devastating go down significantly. Even sophisticated hackers take a long time to complete data theft or achieve other malicious goals.

Taken together, the 1-10-60 rule of cyber security sets a standard and framework for a security response that your team can follow. If your brand can master the 1-10-60 rule of cyber security, it will be well equipped to defend itself against any cyber attacks.

Cybercriminals are masters at avoiding endpoint detection and causing data breaches, especially for cloud security networks. Therefore, following the 1-10-60 rule of cyber security combined with effective authorization technology to protect your endpoints is an absolute must.

Why is the 1-10-60 rule of cyber security important?

The 1-10-60 rule of cyber security is important because it can be difficult for cyber security teams to know how to allocate their time and energy or how to prioritize their efforts.

For example, after discovering that a firewall has been breached, a cybersecurity team may initially spend much more time than necessary investigating the threat. The 1-10-60 rule of cyber security solves this problem by telling the team they only have 10 minutes to do their investigation before they have to move to at least initial remediation/security fixes.

Think of the 1-10-60 rule of cyber security as an effective guideline to help your team fix security flaws as soon as possible without compromising the quality of their solutions. Nation states, the healthcare industry and all threat intelligence agencies are taking advantage of the 1-10-60 rule to reduce cyber risk from threat actors and improve the quality of the antivirus response, including with next-generation automation strategies and tools.

Broadly speaking, the 1-10-60 rule of cyber security emphasizes the importance of speed for security teams. When solving the problem quickly is everything, knowing how quickly the work needs to be done helps brands pour more money into cyber security and change their training approaches to ensure a faster, but still effective, response to digital breaches.

How long does the average breach response take?

The 1-10-60 rule of cyber security is especially important in the modern digital age, as it takes many organizations weeks or months to discover they have been attacked and to implement responses or solutions to these breaches. Based on our analysis, the average breach response takes well over six months before a standard business detects an attack, investigates it, and installs a security patch or otherwise prevents the same attack from occurring in the future.

How to Ensure Your Organization Follows the 1-10-60 Rule of Cyber Security

To make sure your organization is following the 1-10-60 rule of cybersecurity and achieving its rapid standards, you should take several steps at the earliest opportunity.

Employ a dedicated security team

First and foremost, your brand should employ a dedicated security team if it doesn’t already. The security team can be a cadre of in-house cybersecurity experts, such as people who work for your brand who know the strengths and weaknesses of your defense network and how to best use countermeasures in response to the most common digital attacks in your industry.

However, you may be better served by hiring a third-party cybersecurity team, especially if most of your IT infrastructure is located in the cloud. Third-party cybersecurity agencies can provide 24/7 monitoring and responses to all digital breaches, plus they are often more cost-effective than hiring dedicated cybersecurity staff with salaries, benefits, etc.

Train regularly

No matter who provides your cyber security services, they should be trained regularly. If you rely on an in-house cybersecurity team, make sure they train themselves to improve their response times so they can meet the standards of the 1-10-60 rule of cyber security.

If, for example, your team hosts a penetration test with an ethical hacker, and they find that it takes more than an hour to thoroughly investigate the breach, your team should prioritize reducing that time to 10 minutes or less.

Practice makes perfect, especially when it comes to timing-based methodologies like the 1-10-60 rule of cybersecurity. The more training your team has under their belt, the better they will perform under pressure when a real cyber attack occurs.
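
A way to score drill or incident timelines against the three targets, as an added example that is not part of the original article. The timestamps are constructed, the field names are hypothetical, and each phase is assumed to be timed from the end of the previous one.

```python
from datetime import datetime
from statistics import mean

# 1-10-60 targets from the article, in minutes.
TARGETS = {"detect": 1, "investigate": 10, "remediate": 60}
# (phase, start field, end field); field names are hypothetical.
PHASES = [("detect", "intrusion", "detected"),
          ("investigate", "detected", "investigated"),
          ("remediate", "investigated", "remediated")]

# Constructed drill records, not real incident data.
INCIDENTS = [
    {"id": "drill-01", "intrusion": "2024-03-04T09:00:00", "detected": "2024-03-04T09:00:45",
     "investigated": "2024-03-04T09:08:45", "remediated": "2024-03-04T09:50:45"},
    {"id": "drill-02", "intrusion": "2024-04-11T14:00:00", "detected": "2024-04-11T14:00:30",
     "investigated": "2024-04-11T15:12:30", "remediated": "2024-04-11T15:52:30"},
    {"id": "drill-03", "intrusion": "2024-05-20T02:00:00", "detected": "2024-05-20T02:06:00",
     "investigated": "2024-05-20T02:15:00", "remediated": None},  # still open
]

def phase_minutes(incident):
    """Minutes spent in each phase; None if the phase never finished."""
    out = {}
    for phase, start, end in PHASES:
        if not incident.get(start) or not incident.get(end):
            out[phase] = None
            continue
        delta = datetime.fromisoformat(incident[end]) - datetime.fromisoformat(incident[start])
        if delta.total_seconds() < 0:
            raise ValueError(f"{incident['id']}: {end} precedes {start}")
        out[phase] = delta.total_seconds() / 60
    return out

def missed_targets(incident):
    """Phases that ran over target; an unfinished phase counts as missed."""
    mins = phase_minutes(incident)
    return [p for p in TARGETS if mins[p] is None or mins[p] > TARGETS[p]]

def mean_by_phase(incidents):
    """Mean minutes per phase over the incidents where that phase finished."""
    result = {}
    for phase in TARGETS:
        done = [m for m in (phase_minutes(i)[phase] for i in incidents) if m is not None]
        result[phase] = mean(done) if done else None
    return result

if __name__ == "__main__":
    for inc in INCIDENTS:
        print(inc["id"], phase_minutes(inc), "missed:", missed_targets(inc) or "none")
    print("mean minutes per phase:", mean_by_phase(INCIDENTS))
```

Tracking the per-phase means across successive drills shows which of the three targets the team should prioritize next.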

Stay up-to-date on modern threats

Finally, your cybersecurity team needs to stay up-to-date and knowledgeable about modern and evolving cyber threats. Cyber security is always changing, and the likelihood of an attack affecting your business can change from day to day.

With this in mind, remember that your cyber security responses should be agile and adaptive. If you’re spending too much time training for last year’s most common cyberattacks, your team may be unprepared for a new cyber threat knocking on your digital door.

Implementing an effective endpoint protection suite

Adhering to the 1-10-60 rule of cyber security will set your organization up for minimal damage in the event of a cyber attack, but how can you prevent it outright? The best way to prevent a cyber attack in the first place is to establish an effective cyber security stack. Permit logging is fundamental to total prevention and should be at the forefront of a cyber security stack that wants to prevent digital threats.

To wrap up

The 1-10-60 rule of cyber security is a good security standard that you should strive to meet. By achieving and maintaining a 1-minute, 10-minute, and 60-minute scheduled response for each phase of a cyber attack response, your organization will be much safer and much more responsive in the face of a digital attack.
