According to a study by the National Institute of Standards and Technology (NIST), online security threats are still an issue.
Security fatigue, or simply being tired of online security warnings has made some people feel indifferent towards potential risks.
The paper found that people feel “overwhelmed” with having to be on constant alert from cyber attacks. They are also negatively affected by the proliferation of online security measures available to protect themselves. As a result, many ignore the warning signs of a possible attack. As one individual remarked: “I get tired of remembering my username and passwords.”
Mary Theofanos, co-author of the study and computer scientist at NIST, said:
“Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cyber security expanding and what it has done to people.” However, sites like LastPass can help us keep track of our passwords.
Comments from respondents to the study illustrated that online users were unaware of how much they were at risk. For example, “many interviewees” said they didn’t think their information was significant enough to be of interest despite security warnings. Others stated that they didn’t know anyone who had ever experienced a cyber attack. This comes as a shock since more than 20 WordPress sites are hacked every minute of every day.
The paper also revealed that many online consumers think the internet itself should keep them safe. Some felt their online safety should be protected by authoritative figures, such as their bank.
There are ways to improve user behavior and to reduce so-called security fatigue, which is described as “a weariness or reluctance to deal with computer security”. According to the authors of the paper, this includes reducing the number of security-related decisions a user has to make. It also means simplifying the process for users to “choose the right security action”.
Earlier this year, the second annual RSA Cybersecurity Poverty Index stated that organizations need to take change of their cyber security efforts. “We need to change the way we are thinking about security, to focus on more than just prevention. We need to develop a strategy that emphasizes detection and response.” This comment came from Amit Yoran, president of the RSA.
Thank to welivesecurity.com for their article on the subject. Keep online visitors safe by scanning your site daily for security holes. Trust Gaurd can help!
Leave a Reply