Hot take: Threat intel feeds are mostly noise for SMB marketing

I went to a conference in Austin last month and every vendor was pushing their threat intel feeds like it's the golden ticket. But I've been tracking our click through rates on cyber marketing content for 3 years now, and the posts about simple stuff like password hygiene get 4x more engagement than anything with 'APT' in the title. Why are we all trying to sound like we're defending NATO servers when most of our customers are dental offices with 15 employees? Has anyone else noticed their actual leads come from basic advice, not advanced threat hunting?

4 comments

4 Comments

kim_johnson5124d ago

Well hold on now, y'all are missing the bigger picture here... Threat intel feeds are actually the best thing for SMBs whether they know it or not. Look at it this way, dental offices might not be defending NATO but they're still holding patient records with social security numbers and insurance info that's worth real money on the dark web. The reason those APT subject lines get 30% open rates is because fear is a powerful motivator and small business owners are finally waking up to the fact that the bad guys don't care how big you are. I've seen smaller shops get absolutely wrecked by targeted ransomware that started from simple intel feeds they ignored because they thought it was just noise. Repackaged VirusTotal data or not, having someone filter through the endless stream of garbage and point out what actually matters to a 15 person office is worth its weight in gold. Password hygiene gets clicks because it's easy and comforting, but threat intel gets conversions because deep down everyone knows the real scary stuff is way more complicated than changing your password every 90 days.

tara_patel25d ago

Actually you're a little off on the click through rates thing. I manage a similar data set for a small security vendor and the password hygiene content gets more clicks but the threat intel stuff gets way more conversions. Those dental offices still open about 30% of emails with 'APT' in the subject line because it sounds scary. The real problem is most feeds are just repackaged VirusTotal submissions and public CVE lists with a logo slapped on top. I'd rather see vendors be honest about what they're actually tracking instead of pretending they're hunting zero days.

carter.casey25d ago

Hold up, dental offices opening 30% of those APT emails? That is wild to me. I've been running little A/B tests on our newsletter for a local MSP and the numbers were nothing close to that. We got maybe 5% on anything with "advanced persistent threat" in the line, but 40% on "patch your router before the weekend." I honestly thought people just ignored the scary buzzwords by now. Those dentists must be more nervous than I thought.

uma_ellis24d ago

Guess I've been doing it wrong this whole time, @kim_johnson51. Maybe my dentist clients just click on router patch stuff because they're tired of their kids stealing the WiFi.