2b. Prevalence

The prevalence of threats is a major driving factor for scoping and prioritization, especially in the modern era of ultra fast information sharing and virality. Even if there is only a potentially small window of exploitability within the threat landscape, if a threat is highly prevalent the chances of being targeted or victimized increase greatly.

Below, we will take a look at various sources to determine prevalence. It is worth noting that there is actual prevalence as well as perceived prevalence, both of which should be thoroughly considered, especially if on the product side of the house, where consumers’ attention is often paid to perception.

Telemetry

Reviewing actual occurrences of threats via alerts and events provides tremendous insight, specifically within environments falling into your purview. Keep in mind that this can also be a reflection of existing coverage, reflecting potential existing biases or feedback loops, and so can have a skewed perspective of actual prevalence.

Threat intel

Threat intel feeds, reports, and data sources spend a lot of resources dedicated to determining prevalence. Again, keep an eye out for skewing from biases and assumptions from the vendor’s perspectives.

Twitter (X)

Interestingly, many groundbreaking discoveries and announcements with regard to security get announced on X. You can also take advantage of comments, likes, and retweets to deduce awareness and prevalence.