“The tech news lately has been a bit grim. In one week, we saw both a 1.35Tbps attack against GitHub, followed shortly by a whopping 1.7 Tbps attack against a service provider. Writing about these huge attacks is nearly irresistible in the age of clickbait. Every tech journalist and blogger from here to Timbuktu can’t help themselves when it comes to writing an article about it. We will also see these numbers mentioned by every security vendor’s marketing department for the coming months — until the next record is set. And thus the cycle of life continues.
Wide reporting of these attacks has its benefits, but there is a mismatch between coverage and prevalence of these attacks. Why? These figures are really fun to talk about, and generate lots of interest. High severity attacks will always get more attention, even if they are statistically unlikely to affect your organization. These threats, while catastrophic, are probably not the basis around which you should build your security infrastructure. Imagine if you read an article that says ‘Falling coconuts kill about 150 people per year’. Thats horrible, but unless you work in the coconut industry, you probably shouldn’t spend your budget on coconut proof helmets just yet. We often focus on the scary trends instead of the likelihood of a given threat.”