"Cybersecurity Fatigue" is emerging as a dangerous threat to effective cybersecurity programs. A new study by National Institute of Standards and Technology (NIST) (www.nist.gov) found that the well-intended drumbeat of cyber security alerts and warnings has led to burnout and a sense of fatalism among ordinary people, including the employees that firms look to as their first line of cyber defense.
Businesses need to take affirmative steps to ensure that a culture of cyber security weariness in our society does not lead to cyber security sloppiness on the job.
Cybercrime gambits like phishing, spear phishing, business email compromise and social engineering all rely on innocent but unwary employees being led to do the cyber criminal's dirty work. For this reason, cyber security experts recognize that the greatest vulnerability in most organizations comes from their own people.
The new NIST research shows that limiting employee-based vulnerabilities may be more difficult than anticipated precisely because cyber vulnerabilities are receiving such a high level of attention. "We weren't even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data," said study co-author Mary Theofanos.
Effective employee cyber security awareness programs must overcome apathy, motivate changed behavior, and generate clarity out of a barrage of confusing messages. Simply relying on written policies and regular exhortations from IT professionals may not work. In fact, such an approach may exacerbate cyber fatigue and drive cyber risk higher. HR departments and human factor safety experts are emerging as the newest partners in the cyber risk response process because they know how to effectively deliver programs to change employee behavior. Without their expertise, employee-based cyber defense plans may be doomed to ineffectiveness from the start.
To counter security fatigue, effective cyber security programs will focus on simplicity of systems, training that imparts a sense of competency and control to recipients, and monitoring that catches and flags poor employee security habits early. In the current context, the costs of ignoring the human factors are just too great.
Our team at PalmTech feels strongly that educating staff on cyberthreats is imperative in order to reduce risks. Contact us at (561)969-1616 with any questions or concerns. In fact, get in touch with us by December 15th for a *FREE Cybersecurity Assessment, and we will not only provide a full review of any vulnerabilities we find within your network but also discuss putting a plan in place to mitigate risks, which would include employee security awareness and education.
*Offer valid to qualified prospects with 15 or more computers and a minimum of 1 server.