What is FOMO in cyber security?

In everyday speech, the word FOMO comes up often. It stands for "fear of missing out": the feeling someone gets when they suspect they are missing an experience, event, decision, or piece of information that could have made their life better had they known about it. That suspicion is not always accurate; it is simply the feeling a person has when they believe they are missing something.

When FOMO was first identified, it was understood as a phenomenon of overactive and negative emotional impulses that disrupt a person's sense of judgment and lead to poor decision-making in a range of situations.

The situation is a little different in cyber security. The term is used in this field too, but not with its original meaning; the idea is related, yet rests on a different basis. Here FOMO means the fear, felt by an individual analyst, of missing a cyber threat, or of failing to protect the firm or organization. It is essentially an emotional trap for the analyst responsible for looking after an organization's security. Analysts feel it because they are the first line of defence in an enterprise's security operations, and anything that goes wrong is laid at their door, which is why the fear becomes an emotional burden. It is a very stressful fear: the job of the security officer and the operations centre is to build a defence against threats, but the fear can take over, and even after putting up every kind of defensive wall the operators may still feel weighed down by the apprehension of having missed a threat.

Security operations centre (SOC) teams work hard to catch every possible threat and treat every piece of information carefully, confirming and validating data before moving to the next step. This creates a great deal of pressure on SOC team members and loads them with a general sense of guilt about missing something. Most such teams are short of both resources and people, which makes them anxious about their general process. SOC teams are efficient enough to build a good defence for the company, but the fear of missing something or getting something wrong can make the work much harder than it actually is.

Since SOC teams are already overloaded with work, FOMO can make the situation worse. It leads the team, or individual members, to falter: they lose the ability to prioritize what needs to be done. For instance, an overburdened team may stop checking and analyzing low-importance data, and skipping that check can lead to a wrong step in building the organization's cyber defences. This lowers the team's efficiency to the point where real threats can be missed.

Here is how FOMO issues can become a threat:

  1. Logical over-monitoring. Over-tuning is one of the biggest fears of a SOC team, so teams often keep noisy, untuned detection rules in place. A frequently asked question is how one can know whether an endpoint has been compromised while a rule is being tuned for it. Exclusions must be considered carefully so that each specific use case is as accurate as possible. It is a cost-benefit decision, however, and there are many points the team needs to weigh before working on logical over-monitoring.
  2. Operational over-monitoring. Several reviews must be completed for every incident before it is validated, regardless of its impact, the complexity of the indicator, or the security level. Every incident is checked again and again before final validation, which means reviewing every single log every time, however small, to ensure no important step is missed. A statistically based review is an alternative and more effective approach: it ties the effort invested in a review to how critical the incident is.
  3. Methodological over-monitoring is where the hunt for indicators overpowers the SOC team's tactics and procedures. The SOC analyst concentrates effort on specific vulnerabilities and indicators, using hunting queries and dedicated detections built from the latest vulnerability report and threat indicator. The time and effort go there instead of into a wider threat-coverage model of controls.
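The statistically based review in item 2 can be made concrete as a stratified sampling policy: every critical and high incident gets a second-pass review, while lower tiers are sampled at a fixed rate so analyst effort follows impact rather than alert volume. This is an added illustration, not code from the original article; the incident list, tier names and review percentages are constructed for the example.

```python
import math
import random
from collections import defaultdict

# Constructed sample data (not from the article): incident ids with a severity tier.
SAMPLE_INCIDENTS = [(f"INC-{i:03d}", sev) for i, sev in enumerate(
    ["critical"] * 3 + ["high"] * 10 + ["medium"] * 40 + ["low"] * 200)]

# Hypothetical review policy: percentage of each tier that gets a second-pass
# review. Critical and high are reviewed in full; lower tiers are sampled so
# analyst effort tracks impact rather than raw alert volume.
REVIEW_PERCENT = {"critical": 100, "high": 100, "medium": 50, "low": 10}


def tier_quota(count, percent):
    """Number of incidents to review from a tier; never 0 when percent > 0 and count > 0."""
    return math.ceil(count * percent / 100)


def select_for_review(incidents, policy=REVIEW_PERCENT, seed=0):
    """Pick incidents for second-pass review, stratified by severity tier.

    A seeded RNG makes the selection reproducible for audit; tiers missing from
    the policy default to full review so a mislabelled incident is never skipped.
    """
    rng = random.Random(seed)
    by_tier = defaultdict(list)
    for inc_id, sev in incidents:
        by_tier[sev].append(inc_id)
    chosen = []
    for sev, ids in by_tier.items():
        quota = tier_quota(len(ids), policy.get(sev, 100))
        chosen.extend(rng.sample(ids, quota))
    return chosen


def review_effort(incidents, policy=REVIEW_PERCENT):
    """Compare the sampled workload with reviewing every incident in full."""
    counts = defaultdict(int)
    for _, sev in incidents:
        counts[sev] += 1
    per_tier = {sev: tier_quota(n, policy.get(sev, 100)) for sev, n in counts.items()}
    return {"total": len(incidents), "reviewed": sum(per_tier.values()), "per_tier": per_tier}


if __name__ == "__main__":
    # With the constructed data: 53 of 253 incidents get a second pass,
    # and every critical and high incident is among them.
    print(review_effort(SAMPLE_INCIDENTS))
```

The sampled low-severity incidents still get reviewed, so the low-importance data the text warns against skipping entirely is not dropped; it is checked at a rate the team can sustain.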

The bottom line: FOMO in cyber security is the fear of missing a threat. It is an emotional trap for the analysts and team members who work on security and are responsible for building a wall of defence against all the cyber threats and attacks aimed at an organization. The feeling hinders the team's work and can sometimes lead to real threats being missed while the team works hard to think of every possible threat out there.