USERS IGNORE CYBER SECURITY ADVICE DUE TO ‘OVERWHELMING’ NUMBER OF WARNINGS
Consumers are suffering from “security fatigue” because they receive too many warnings about cyber attacks, a report has claimed.
The US National Institute of Standards and Technology (NIST) said the majority of computer users are showing risky behaviour as a result, both at work and at home.
One of those questioned in the study said they “don’t pay any attention to those things anymore”, warning that they were “weary” after being “bombarded” with security messages.
“The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people’s everyday life,” said cognitive psychologist and co-author of the report Brian Stanton.
“It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet. If people can’t use security, they are not going to, and then we and our nation won’t be secure.”
The study found that many computer users are feeling overwhelmed by how many security warnings they receive. Some of their complaints were:
- “I get tired of remembering my username and passwords.”
- “I never remember the PIN numbers, there are too many things for me to remember. It is frustrating to have to remember this useless information.”
- “It also bothers me when I have to go through more additional security measures to access my things, or get locked out of my own account because I forgot as I accidentally typed in my password incorrectly.”
Security experts said that although the results of the study relate to consumers, those working in cyber security face a similarly overwhelming number of challenges.
“While this study highlights security fatigue amongst users, it can be just as bad if you actually work in security for a living,” said Huntsman Security’s head of product management Piers Wilson.
“As organisations have got better at detecting threats and attacks, and bought more and more control and detection solutions, the average security analyst now has an ever-growing stream of warnings and alerts to triage, investigate, understand and resolve.
“Quite often, due to well-publicised staff and skills shortages, they will be working in a team that is the same size, or at least hasn’t grown in line with the volume of threat information and false positives they are now dealing with.
“In addition, when a threat alert is encountered, the task of gathering the relevant information and data to understand, contain, escalate and resolve it can mean working with dozens of separate systems where various bits of the jigsaw puzzle are held.
“Alert fatigue is therefore an equally big challenge for businesses that need to protect themselves.”