ThreatSTOP Blog

Focusing on the worst threats may actually increase your cyber risk

Written by Ofir Ashman | October 14, 2021

Don't get killed by the current while trying to avoid a shark attack. Yeah, ok, we know that's a weird opening sentence for a cyber security-related blog post, but give it a second and you'll see what we mean.

In 2020, 57 people were attacked by sharks (unprovoked). You've seen the movie Jaws, or grown up by the beach, and at some point in your life imagined a shark fin making its way towards you while in the water. Something about the ocean and its endless depth just calls for swimmers to imagine the worst. But what happens when a swimmer fixates on the worst possible scenario, so much so that they become under-sensitive to more likely threats? What if they spend all their energy scanning the horizon for a looming great white shark and don't notice a poisonous jellyfish (which are also lethal), or that they've been swept out to sea by a riptide? The same goes for cyber security.

It has become extremely trendy to focus all (or most) security efforts on the biggest and baddest attacks (and don't get us wrong - they are definitely big and bad). But many organizations fail to notice that while doing this, they are overlooking the rest. Networks are constantly being pestered by noisy bad traffic, and often get breached with harmful malware. SOCs become bombarded with alerts, their efforts spread thin and their energies sucked away, leading to alert fatigue. Then comes the paradox - focusing on the worst possible attack allows less-horrible-but-still-bad attacks to happen, taking away all the security team's resources and leaving them ill-prepared for a truly horrible attack. We believe security should work the other way around.

Block the noisy stuff early. When you get the noise out of the way, you'll actually be able to see major incoming threats and stop them in time. For many of our customers, the first practical benefit they get from ThreatSTOP is a reduction in alert fatigue and an enormous reduction in SOC workload. Take the University of Baltimore for example - after installing ThreatSTOP, they immediately saw a 90% reduction in help desk tickets.

On top of that, a ton of attack methods, infection vectors and threat infrastructure are recycled over time. Gartner has predicted that over time, "99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year". On our own systems, we have seen thousands of IOCs being reused for various malicious activity over and over again. ThreatSTOP protects from known threats and newly registered IOCs, providing our customers with an instant 85% reduction in malware infections and help desk tickets. That way, they save time, money, and the resources they need to concentrate on the toughest 15%.
