Talk about cybersecurity is everywhere, from boardrooms to beach outings. But to chief information security officers (CISOs), it is more than conversation — it is the focus of their work. Just like thieves who rob from houses, cybercriminals target those who are least protected. That’s why awareness is critical to help security leaders combat cyber fatigue among employees, who are most likely to become gateways for enterprise security breaches.
Change the Record
The most frequent pleas from cybersecurity experts revolve around passwords. Users should change their passwords when there is reason to believe they have been exposed, use long and complex strings of characters, and never use the same password on more than one login. The advice is sound and, if followed, could reduce the number and severity of data breaches. The fact remains, however, that each new warning has less impact than the one before it.
When the largest of organizations can’t protect their data from theft or interruption, regular users find it easier to retreat to their old ways, assuming that their data and the information managed by the companies they work for will inevitably fall prey to some kind of breach. The constant drone about changing passwords, combined with the apparent ineffectiveness of precautions, falls on increasingly deaf ears.
For consumers, even potentially devastating events such as credit card theft can be considered mere inconvenience because payment companies protect their customers by immunizing them from unauthorized charges. In fact, it’s normal for a credit card company to catch fraudulent charges immediately and notify the cardholder that they have been reversed. While this is surely a responsible action on the part of the provider, it further insulates the customer from the effects of increasingly frequent attacks.
Password Reuse Facilitates Credential Stuffing
Stolen or guessed passwords and social engineering are, in combination, the most frequent and widespread method data thieves use to gain access to sensitive data. Both techniques rely on user behavior as opposed to weaknesses in specific technologies.
One such behavior is users’ tendency to open many accounts, then forget about them. Customers often sign up for and then abandon online services, leaving their login credentials intact. These dormant accounts, many of which are protected by recycled login information, are ripe for the practice of credential stuffing: taking the email/password pairs leaked from a breach of one site and trying them, at scale and usually from automated tooling, against the login pages of other sites, where they will succeed wherever the user reused the password. Furthermore, if a leaked credential contains a corporate email address, crooks might be able to use it to reach enterprise systems. And of course, fraudsters will try to log in to online banking and credit card accounts as well.
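The mechanics described above, as an added example that is not part of the original article: a constructed breach dump from a hypothetical abandoned service is replayed against a mock second site that stores salted PBKDF2 hashes, the accounts that fall are listed, those with a corporate domain are flagged, and a simple per-IP detector shows the signature a defender can look for in authentication logs (many distinct usernames from one source with a low success rate). All email addresses, passwords, domains and IP addresses are invented; the detection thresholds are illustrative, not tuned values.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed breach dump from a hypothetical, long-abandoned service (not real data).
LEAKED_CREDENTIALS = [
    ("alice@example.com", "Summer2019!"),
    ("bob@corp.example", "bob123"),
    ("carol@corp.example", "Welcome1"),
    ("dave@example.net", "hunter2"),
    ("erin@example.org", "qwerty"),
]

# Constructed users of a second, unrelated site (e.g. a bank). Alice and Bob reused
# their passwords; Carol used a manager-generated unique one; Dave and Erin never registered.
SECOND_SITE_USERS = {
    "alice@example.com": "Summer2019!",
    "bob@corp.example": "bob123",
    "carol@corp.example": "x7$Lq9!pRv2#",
}

CORPORATE_DOMAINS = {"corp.example"}  # hypothetical enterprise domain


def hash_password(password: str, salt: bytes) -> str:
    # PBKDF2-HMAC-SHA256 with a per-user salt; iteration count kept modest for a demo.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def make_user_store(users: dict) -> dict:
    """Turn plaintext (constructed) passwords into {email: (salt, hash)} as a site would store them."""
    store = {}
    for email, password in users.items():
        salt = secrets.token_bytes(16)
        store[email] = (salt, hash_password(password, salt))
    return store


def check_login(store: dict, email: str, password: str) -> bool:
    """The second site's login check; constant-time comparison of the derived hash."""
    record = store.get(email)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(digest, hash_password(password, salt))


def credential_stuff(store: dict, dump: list, attacker_ip: str, log: list) -> list:
    """Replay every leaked pair against the target; returns the accounts that opened."""
    compromised = []
    for email, password in dump:
        ok = check_login(store, email, password)
        log.append((attacker_ip, email, ok))  # what the target's auth log would record
        if ok:
            compromised.append(email)
    return compromised


def corporate_accounts(emails: list, corp_domains: set) -> list:
    """Credentials tied to an enterprise domain are the ones worth escalating internally."""
    return [e for e in emails if e.split("@", 1)[1] in corp_domains]


def flag_stuffing_ips(log: list, min_distinct_users: int = 3, max_success_rate: float = 0.5) -> list:
    """Per-source heuristic: many distinct usernames plus a low success rate in one source IP."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "successes": 0})
    for ip, email, ok in log:
        stats = per_ip[ip]
        stats["users"].add(email)
        stats["attempts"] += 1
        stats["successes"] += int(ok)
    flagged = []
    for ip, stats in per_ip.items():
        rate = stats["successes"] / stats["attempts"]
        if len(stats["users"]) >= min_distinct_users and rate <= max_success_rate:
            flagged.append(ip)
    return sorted(flagged)


def run_demo() -> dict:
    store = make_user_store(SECOND_SITE_USERS)
    auth_log = []
    # One legitimate login from Carol's own (constructed) address, to show it is not flagged.
    auth_log.append(("203.0.113.5", "carol@corp.example",
                     check_login(store, "carol@corp.example", SECOND_SITE_USERS["carol@corp.example"])))
    compromised = credential_stuff(store, LEAKED_CREDENTIALS, "198.51.100.7", auth_log)
    return {
        "compromised": compromised,
        "corporate": corporate_accounts(compromised, CORPORATE_DOMAINS),
        "flagged_ips": flag_stuffing_ips(auth_log),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the two reused passwords fall; Carol's unique password survives even though her credentials appear in the dump, which is the whole case for password managers. The detector is deliberately simple: real stuffing campaigns spread attempts across proxy pools, so production detection also keys on user agent, timing and per-account failure patterns rather than a single source address.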
Cracking the Cyber Fatigue Conundrum
There is no easy resolution to the password conundrum, because creating and remembering a distinct, highly secure password for every account is simply too daunting. Password managers offer viable tools to both generate strong passwords and simplify the task of managing them, but users are still loath to adopt them.
These tools are not end-all solutions to data breaches, and user education requires investments of time and attention without the hype that leads to cyber fatigue. Regular updates and helpful guidance may be the only ways to cajole users into taking increased responsibility for their own security, and for their company’s.
Freelance Writer and Former CIO