The accident triangle, also known as Heinrich’s triangle or Bird’s triangle, is a theory of industrial accident prevention. It shows a relationship between serious accidents, minor accidents and near misses. You can also read about the safety pyramid on this blog: https://www.oshaoutreachcourses.com/blog/safety-triangle-the-safe-pyramid/

Inspired by Heinrich’s triangle and Bird’s triangle, I created a similar pyramid to illustrate the same concept applied to the information technology and cyber security field. We share the same observation: one impactful event usually has signs, precursors, and minor episodes ahead of the day of the avalanche. Many times, sadly enough, the problem is known to insiders but was not properly addressed by those in charge.

There are a few common catalysts or accelerators:

  • Human mistake: it can be the trigger, but it can also be the failure of the defense. It is often compounded by lack of resources, lack of training, fatigue, and low morale.
  • Political agenda: sets up the background for the main event. The extra push, the unwise delay, and the convenient oversight can all be contributors.
  • Unusual pattern: like bad weather for a flight, a sudden surge in usage can expose a problem that never shows up in the known, steady state.

Here are some suggestions to keep the disaster pyramid from building up:

  • Identify and protect high-value assets. Not every system causes the same damage when it fails. Understand what is important to you.
  • Strive for quality. Don’t let buzzwords replace the simple word “quality”. Limit how much timeline or budget can compromise quality. Have the courage to choose “no go”.
  • Nurture a culture of “accountability”. Where everyone is a piece of the puzzle, we need every piece to complete the puzzle.
  • Have a strong incident management program. Don’t let the 30 bubble up to the 1. Do good root cause analysis, and act on it. Patch as soon as possible and fix as completely as possible. Incur minimum technical debt.
  • Focus on DevSecOps. Link the three elements together. If Sec or Ops see a Dev problem, report it, verify it, and fix it.
  • Imagine the worst-case scenario, then plan, drill, and have a solid continuity process and staff ready.
  • Lastly, training and communication. They can reduce the 1 at the top of the pyramid to just a fraction of it.
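The pyramid is only useful if the lower layers are actually counted and tied back to root causes. The following script is an added example written for this post, not code from the original; it tracks a small set of constructed (not real) incident records, reports how many events sit at each layer, and flags root causes whose near misses and minor incidents are piling up without a shipped fix. The `Incident` record format, the severity labels and the threshold of three open precursors are assumptions for illustration.

```python
"""Disaster-pyramid tracker: counts near misses, minor incidents and major
incidents, and flags root causes whose precursors pile up without a fix.
Hypothetical example; the record format and thresholds are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date

SEVERITIES = ("near_miss", "minor", "major")


@dataclass(frozen=True)
class Incident:
    ident: str
    when: date
    severity: str          # one of SEVERITIES
    root_cause: str        # short tag assigned by the root cause analysis
    remediated: bool       # True once the fix has actually shipped


# Constructed sample data (not real incidents): one unaddressed weakness keeps
# producing near misses, while other causes are fixed promptly.
SAMPLE = [
    Incident("INC-001", date(2024, 1, 3), "near_miss", "expired-tls-cert", True),
    Incident("INC-002", date(2024, 1, 9), "near_miss", "missing-auth-rate-limit", False),
    Incident("INC-003", date(2024, 1, 15), "near_miss", "missing-auth-rate-limit", False),
    Incident("INC-004", date(2024, 1, 20), "minor", "missing-auth-rate-limit", False),
    Incident("INC-005", date(2024, 2, 2), "near_miss", "stale-backup-job", True),
    Incident("INC-006", date(2024, 2, 11), "near_miss", "missing-auth-rate-limit", False),
    Incident("INC-007", date(2024, 2, 14), "minor", "expired-tls-cert", True),
    Incident("INC-008", date(2024, 3, 1), "major", "missing-auth-rate-limit", False),
]


def pyramid_counts(records):
    """Number of incidents at each layer of the pyramid."""
    counts = Counter(r.severity for r in records)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def precursor_ratio(records):
    """Near misses plus minor incidents per major incident (None if no major)."""
    c = pyramid_counts(records)
    if c["major"] == 0:
        return None
    return (c["near_miss"] + c["minor"]) / c["major"]


def escalation_signals(records, threshold=3):
    """Root causes with at least `threshold` unremediated precursors
    (near misses or minor incidents): the '30' that is about to become the '1'.
    Returns (root_cause, count) pairs, largest count first."""
    open_precursors = Counter(
        r.root_cause for r in records
        if r.severity != "major" and not r.remediated
    )
    hits = [(cause, n) for cause, n in open_precursors.items() if n >= threshold]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


def precursors_before_major(records):
    """For each major incident, how many earlier precursors shared its root
    cause. A high number means the warning signs were there and not acted on."""
    by_cause = defaultdict(list)
    for r in sorted(records, key=lambda r: r.when):
        by_cause[r.root_cause].append(r)
    result = {}
    for r in records:
        if r.severity == "major":
            earlier = [x for x in by_cause[r.root_cause]
                       if x.when < r.when and x.severity != "major"]
            result[r.ident] = len(earlier)
    return result


if __name__ == "__main__":
    print("pyramid:", pyramid_counts(SAMPLE))
    print("precursors per major:", precursor_ratio(SAMPLE))
    print("escalation signals:", escalation_signals(SAMPLE))
    print("precursors before each major:", precursors_before_major(SAMPLE))
```

In the sample data the single major incident is preceded by four open precursors with the same root cause, which is exactly the pattern the post describes: the problem was visible in the lower layers of the pyramid before the avalanche. Running `escalation_signals` on a real incident register after each root cause analysis turns that hindsight into a standing check.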

I hope you find some parts of this post useful.