Persistent Warnings Are Causing ‘Security Fatigue’

Businesses are being warned that the sheer number of security warnings and instructions being imposed on their workers could lead to ‘security fatigue’ and expose them to risk.

Research from the National Institute of Standards and Technology (NIST) discovered the public is becoming tired of being ‘bombarded’ with alerts to update passwords in the wake of several high profile data breaches and avoid taking action or decide on the easiest option.

If anything, the number of successful attacks on large companies has led many to question whether it is actually possible to prevent such incidents.

Security fatigue

Also causing disillusionment is the requirement to remember multiple login credentials and use additional security measures and many feel they aren’t important enough to be targeted by cyberattacks in the first place.

And even then, they feel as though it’s someone else’s responsibility, such as an employer or retailer, to protect them.

The actual survey intended to find out more about usage habits but the fatigue was evident throughout the research. The authors say the findings are concerning given that more and more valuable data, such as health and banking details, is being stored online.

“We weren’t even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data,” computer scientist and co-author Mary Theofanos said.

“Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to people.”

The authors suggest businesses limit the number of security decisions that end users are required to take, make it simpler for them to pick the right action and allow for consistent decision making. They suggest it will take a team of security experts and psychologists to make the situation better.

Only last week, users were being urged to exercise caution following the news that details of up to 500 million Yahoo accounts had been exposed, and the aftershock of a LinkedIn hack in 2012 is still being felt.

Are you a security pro? Try our quiz!