Imagine a scenario many security practitioners are familiar with: A bizarre post on an obscure social media account surfaces. It could be construed as a threat against a company executive. But it's unclear. To further complicate the situation, a different executive at the organization has recently been under public scrutiny, and the security team has been swamped monitoring related issues.
So what does an investigator do with a single ambiguous social media post when their workload bandwidth is already thin? It can't be ignored, but as it stands, that post is only a single data point — a basis for concern, but maybe not for any action.