Back to LinkedIn posts

LinkedIn post 32

Compounding probability in Cybersecurity

Compounding probability in Cybersecurity

Yesterday I saw a post about the "trick" to calculate the probability of winning at least 1 game in 100 given the probability of winning a single game.

I thought it could model the probability of a cybersecurity breach.

It doesn't exactly but may be useful as a quick, OPTIMISTIC estimate/baseline for the scenarios below:

☣️ generic breach in a company
☣️ multiple phishing attempts
☣️ brute force PIN/password guessing
☣️ hash collisions
☣️ risky period between a zero-day vulnerability until the patch

This is an idealized model assuming independent events with constant probability, while real-world breaches are correlated and probabilities change. One compromise enables others and attackers adapt.
Rare catastrophic events lead to a high expected loss.
State-sponsored actors are responsible for the explosion in incidents over recent years.

This may be useful if you're selling cybersecurity services or are a CISO needing to justify an increase in budget. 😉

timeline