According to a study by the National Institute of Standards and Technology (NIST), online security threats are still an issue.
The paper found that people feel “overwhelmed” with having to be on constant alert from cyber attacks. They are also negatively affected by the proliferation of online security measures available to protect themselves. As a result, many ignore the warning signs of a possible attack. As one individual remarked: “I get tired of remembering my username and passwords.”
Mary Theofanos, co-author of the study and computer scientist at NIST, said:
“Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cyber security expanding and what it has done to people.” However, sites like LastPass can help us keep track of our passwords.
Comments from respondents to the study illustrated that online users were unaware of how much they were at risk. For example, “many interviewees” said they didn’t think their information was significant enough to be of interest despite security warnings. Others stated that they didn’t know anyone who had ever experienced a cyber attack. This comes as a shock since more than 20 WordPress sites are hacked every minute of every day.
There are ways to improve user behavior and to reduce so-called security fatigue, which is described as “a weariness or reluctance to deal with computer security”. According to the authors of the paper, this includes reducing the number of security-related decisions a user has to make. It also means simplifying the process for users to “choose the right security action”.
Earlier this year, the second annual RSA Cybersecurity Poverty Index stated that organizations need to take change of their cyber security efforts. “We need to change the way we are thinking about security, to focus on more than just prevention. We need to develop a strategy that emphasizes detection and response.” This comment came from Amit Yoran, president of the RSA.