Senior Editor Bill Brenner scours the Internet in search of FUD. The goal: separate hot air from genuine action items.

Senior Editor Bill Brenner will scour the Internet in search of FUD – overhyped security threats that ultimately have little impact on a CSO’s daily routine. The goal: help security decision makers separate the hot air from genuine action items.

Most mornings, I start the work day with an inbox full of emails from security vendors or their PR reps about some new malware attack, software flaw or data breach. After some digging, about half turn out to be legitimate issues while the rest – usually the most alarming in tone – turn out to be threats that have little or no impact on the average enterprise.

The big challenge for security writers is to separate the hot air from the legitimate threats. This column aims to do just that.

But for this to work, audience participation is a must. The goal is to make this an interactive exercise, with readers offering their two cents on the latest threat reports and whether they truly demand action. If you see a threat that’s been overplayed or underplayed, let me know and I’ll include it in the next column.

For the sake of getting the conversation started, I’ll give you an example of something I ultimately deemed to be FUD. Three years ago, when I was writing for another security publication, I got an e-mail quickly followed by a phone call from a PR person eager to flag a “new and serious” threat discovered by the security vendor she represented at the time.

The security vendor wanted the world to know about a new technique in which the bad guys could, from different locations, saturate wireless access points with log-in requests using multiple password combinations, clogging a company’s central authentication server.
The vendor described this as “phlooding,” embracing the then-popular trend of coining words starting with the letters “ph” [phishing, pharming, etc.].

The PR rep described phlooding the way others might describe the collapse of the Internet. Since then, nobody I know of has claimed to have suffered a catastrophic case of phlooding.

I wrote about the threat, but did so from the perspective of IT security pros who were getting annoyed with all the “ph” words flying (phlying) their way.

I’m fairly certain everyone has an example of FUD to talk about. Those who do should e-mail them to me at bbrenner@cxo.com.

Let’s have some fun (phun) and, in the process, make it a little easier for our peers to separate the hair-raising from the hyperbole.