25 August 2022

What is the 1-10-60 Rule Of Cybersecurity? – [A Complete Review]

All organizations, especially medium and small-sized companies, are increasingly becoming the subject of sophisticated and frequent cyber assaults. Small firms target 43% of cyber assaults, but only 14% are ready to protect themselves.


Regular activities are disrupted, and critical IT assets and infrastructure may be damaged beyond repair if there isn't enough money or workforce to fix everything. The very nature of specific sectors makes them easier targets for hackers. While every industry is potentially vulnerable to a security breach, those directly impacting people's daily lives are more susceptible.


How Do Cybercrimes Rank Among the Worst Financial Offenses?


Companies throughout the globe would lose an expected $10.5 trillion annually to cybercrime by 2025, up from $3 trillion in 2015. Research Firms further assert that cybercrime is the most significant historical transfer of economic value, growing at a pace of 15% annually.


The effects of a cyber assault on a company might range from hardly noticeable downtime to catastrophic losses. Damage from a cyberattack always has repercussions. The price may be in dollars or other resources of your company.


Weeks or even months after a cyberattack, your company may still feel the effects. Here are five possible areas of decline for your company:

  • Losses in capital

  • Drop in efficiency

  • A damaged reputation

  • Criminal responsibility

  • Contingency planning issues

1-10-60 Is A Life-Saving Strategy

When you are the target of cybercrime, the time it takes you to discover and fix a security breach is of the utmost importance.

The 1-10-60 rule is one that professionals advise following, which states that the problem should be found within one minute, investigated within ten minutes, and fixed within sixty minutes.


Because of this, you won't have a chance to locate and eliminate a potential danger. Once a criminal has breached your defenses and obtained accessibility to your confidential content, they don't need much time to wreak catastrophic harm to your company. This process will happen very quickly.


Last year, Crowd Strike disclosed the findings of a survey they had taken of IT professionals. For the typical business to decide after reaching a compromise, it would require a maximum of 162 hours of effort. This time is equivalent to almost an entire week of working nonstop.


1. Dedicate 1 Minute To Catch


Discovering that your security has been breached is the very first step in protecting your company from further attacks of this kind. When a breach is found earlier, damage control measures may be implemented that are more likely to be successful. If a criminal stays hidden in your system for longer, they will have more opportunities to access sensitive information and find ways to take advantage of you.


It takes at least a few weeks, on average, to uncover if there has been a security breach. The range of possible times is from 13.21 days to 197 days, which is more than six months.


According to a study conducted by CrowdStrike, forty-four percent of organizations cited late detection as a prime motivator in the degree of the breaches they had experienced. Because of this, real-time threat detection is necessary to ensure survival if you find yourself the target of an assault.




When you have more knowledge about a breach, it will be simpler to control and eliminate the breach's effects. When looking into the origin of the threat, its intended victim, and the person responsible, investigators need to be as productive as possible. The gathering of this information should take no longer than 10 minutes, according to the recommendations of the specialists.


However, according to the research conducted by CrowdStrike, the investigation of a breach may often take longer than six hours, and only 53% of victims can even identify the attacker who was accountable for their intrusion.


Suppose you do not have access to this vital information. In that case, it will be challenging, if not impossible, to react correctly to the assault to restrict the amount of liability caused to your company to the greatest extent feasible. This retaliation needs you to have an in-depth understanding of your network system, including the locations of your sensitive data inside it and the kind of network-wide security mechanisms already in place throughout your organization.


This level of cybersecurity underscores the necessity for businesses to be able to monitor and trace any cyber activity that occurs in the digital world that surrounds their network. The digital footprints that third-party actors leave behind might provide insightful information about the tactics and goals of hackers.

3. 60 Minutes For Fixing


According to the research conducted by CrowdStrike, after an organization has identified and investigated a hack, it takes an average of 31 hours of nonstop grind to control the danger. This amount of time indicates that corporations are likely to require up to a whole week of working hours to contain the breach, which is far longer than the one day recommended for shutting down the attacker and avoiding future harm.


A halt in corporate operations for such a long period may have enormous ramifications for an organization, apart from the possibility of incurring penalties, financial losses, or theft of data or money.


A solid strategy that ethical hackers can implement in an emergency is the most efficient way to lessen the duration it takes to react to a situation when it arises. If you take a preventative approach to cybersecurity, you will place yourself in the best possible position to withstand an assault on your network.

Want to Share this Article?

About the author


The writer has a degree in Computer Science with a passion for content writing, my experience spans writing whitepapers, blogs, case studies, research reports, and more.

View More Posts