Persistent Warnings Are Causing ‘Security Fatigue’

Businesses are being warned that the sheer number of security warnings and instructions being imposed on their workers could lead to ‘security fatigue’ and expose them to risk.

Research from the National Institute of Standards and Technology (NIST) discovered the public is becoming tired of being ‘bombarded’ with alerts to update passwords in the wake of several high profile data breaches and avoid taking action or decide on the easiest option.

If anything, the number of successful attacks on large companies has led many to question whether it is actually possible to prevent such incidents.

Security fatigue

Also causing disillusionment is the requirement to remember multiple login credentials and use additional security measures and many feel they aren’t important enough to be targeted by cyberattacks in the first place.

And even then, they feel as though it’s someone else’s responsibility, such as an employer or retailer, to protect them.

The actual survey intended to find out more about usage habits but the fatigue was evident throughout the research. The authors say the findings are concerning given that more and more valuable data, such as health and banking details, is being stored online.

“We weren’t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data,” computer scientist and co-author Mary Theofanos said.

“Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to people.”

The authors suggest businesses limit the number of security decisions that end users are required to take, make it simpler for them to pick the right action and allow for consistent decision making. They suggest it will take a team of security experts and psychologists to make the situation better.

Only last week, users were being urged to exercise caution following the news that details of up to 500 million Yahoo accounts had been exposed, and the aftershock of a LinkedIn hack in 2012 is still being felt.

Are you a security pro? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

2 days ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

2 days ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

2 days ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

3 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

3 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

3 days ago