Talk about cybersecurity is everywhere, from boardrooms to beach outings. But to chief information security officers (CISOs), it is more than conversation — it is the focus of their work. Just like thieves who rob houses, cybercriminals target those who are least protected. That’s why awareness is critical to help security leaders combat cyber fatigue among employees, who are most likely to become gateways for enterprise security breaches.

Change the Record

The most frequent pleas from cybersecurity experts revolve around passwords. Users should change their passwords frequently, use complex strings of characters, and never use the same password on more than one login. The advice is sound and, if followed, could reduce the number and severity of data breaches. The fact remains, however, that each new warning has less impact than the one before it.

When even the largest organizations can’t protect their data from theft or interruption, regular users find it easier to retreat to their old ways, assuming that their data and the information managed by the companies they work for will inevitably fall prey to some kind of breach. The combined drone about changing passwords and the apparent ineffectiveness of precautions falls on increasingly deaf ears.

For consumers, even potentially devastating events such as credit card theft can be considered a mere inconvenience because payment companies protect their customers by immunizing them from unauthorized charges. In fact, it’s normal for a credit card company to catch fraudulent charges immediately and notify the cardholder that they have been reversed. While this is surely a responsible action on the part of the provider, it further insulates the customer from the effects of increasingly frequent attacks.

Password Reuse Facilitates Credential Stuffing

The combination of password access and social engineering is the most frequent and widespread method data thieves use to gain access to sensitive data. Both techniques rely on user behavior as opposed to specific technologies.

One such behavior is users’ tendency to open many accounts, then forget their activities. Customers often sign up for and then abandon online services, leaving their login credentials intact. These dormant accounts, many of which are protected by recycled login information, are ripe for the practice of credential stuffing — using a valid login for one account to compromise accounts on other sites. Furthermore, if a credential contains a corporate email address, crooks might be able to access enterprise data. And of course, fraudsters will try to log in to online banking and credit card accounts as well.
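Credential stuffing leaves a recognizable trace in authentication logs: one source trying many different accounts in a short span. The following is an added example, not part of the original article, that flags such sources and lists the accounts they logged in to successfully, marking the dormant ones; the event format, thresholds, function names and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (time, source IP, account, succeeded)
T0 = datetime(2024, 1, 10, 3, 0, 0)
EVENTS = (
    [(T0 + timedelta(seconds=i), "203.0.113.7", f"user{i}@example.com", False)
     for i in range(8)]
    + [(T0 + timedelta(seconds=9), "203.0.113.7", "old.account@example.com", True),
       (T0 + timedelta(minutes=5), "198.51.100.20", "alice@example.com", False),
       (T0 + timedelta(minutes=6), "198.51.100.20", "alice@example.com", True)]
)
# Constructed record of each account's last legitimate activity
LAST_ACTIVE = {
    "old.account@example.com": datetime(2022, 6, 1),
    "alice@example.com": datetime(2024, 1, 9),
}

def stuffing_sources(events, window=timedelta(minutes=10), min_accounts=5):
    """Source IPs that tried at least min_accounts distinct accounts within window."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ok in sorted(events):
        by_ip[ip].append((ts, user))
    flagged = set()
    for ip, attempts in by_ip.items():
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            if len({u for _, u in attempts[start:end + 1]}) >= min_accounts:
                flagged.add(ip)
                break
    return flagged

def accounts_to_reset(events, last_active, dormant_after=timedelta(days=180)):
    """Map each account a flagged source logged in to -> True if it was dormant."""
    bad = stuffing_sources(events)
    hits = {}
    for ts, ip, user, ok in events:
        if ok and ip in bad:
            seen = last_active.get(user)
            hits[user] = seen is None or ts - seen > dormant_after
    return hits

if __name__ == "__main__":
    print(stuffing_sources(EVENTS), accounts_to_reset(EVENTS, LAST_ACTIVE))
```

A user who mistypes a password and then succeeds, like the second source in the sample, is not flagged because only one account is involved.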

Cracking the Cyber Fatigue Conundrum

There is no easy resolution to the password conundrum, because creating and remembering multiple highly secure passwords for every account is simply too daunting. Password managers offer viable tools to both generate secure passwords and simplify the task of managing them, but users are still loath to use them.

These tools are not end-all solutions to data breaches, and user education requires investments of time and attention without the hype that leads to cyber fatigue. Regular updates and helpful guidance may be the only ways to cajole users into taking increased responsibility for their own security — and their company’s.
