Human beings and organizations suffer from a cognitive condition known as recency bias. Recency bias “is a cognitive bias that favors recent events over historic ones. It is the tendency to place too much emphasis on experiences that are freshest in your memory—even if they are not the most relevant or reliable.”
Case in point: bank failures. Grabbing all the headlines lately is the failure of three large banks: Silicon Valley Bank (SVB), Signature Bank and Credit Suisse. “SVB was previously one of the largest banks serving the tech startup industry — and the 16th largest bank in the U.S. overall.”
Now, if you’re a tech startup with significant deposits at SVB, that’s probably got the majority of your focus right now, as it should. But, what the bank failure cannot do is to distract you from other threats you face because of recency bias. Threats like cyberattacks.
The one thing we know for sure is that these bank failures will not deter cybercriminals from doing what they do. In fact, in may be worse. Hackers may use the recency bias caused by bank failures to specifically target those same distracted startups who have deposits at SVB.
Bigger Problem: Banks or Hackers?
There are three reasons why cyber threats are still far more worrisome than bank failures. First, is the sheer size of the problem. While these bank failures are on the order of tens of billions of dollars (admittedly a very large amount of money), losses due to cybercrime are on the order of trillions of dollars.
The second reason why cyber threats are worse is because of a likely government backstop. Because these bank failures affect so many companies at one time, the government probably feels obliged to provide some sort of financial support to protect those companies by bailing out the banks.
Now, compare that with a cyber breach that affects only your company. It’s probably unwise to expect any help from the government. More than likely you’re on your own.
Finally, the most important reason why cyber threats are worse than the risk of bank failure is because everyone is vulnerable. There are a lot of ways of limit banking risk including limiting deposits at any one bank and diversifying deposits across several banks. There are no such diversifying countermoves for cybercrime. If you’re a company, you’re at risk.
A Smart Move
When it comes to cyber threats, you may not be able diversity away your risk, but that doesn’t mean you can’t proactively protect yourself. And one of the best ways to do that is with threat modeling.
By identifying threats to your applications and systems, threat modeling forces you to think like an attacker before they even have a chance to launch their attack. And once the threats are identified, threat modeling is used to identify mitigations to those threats. In this way, threat modeling protects more companies from a bigger problem.
If a recent bank failure is impacting your organization, by all means go ahead and address it. But don’t ignore those cyber threats. And if you don’t think you have time for threat modeling, we suggest you look at ThreatModeler. It’s the closest thing there is to one-click threat modeling.