Talk about cybersecurity is everywhere, from boardrooms to beach outings. But to chief information security officers (CISOs), it is more than conversation — it is the focus of their work. Just like thieves who rob from houses, cybercriminals target those who are least protected. That’s why awareness is critical to help security leaders combat cyber fatigue among employees, who are most likely to become gateways for enterprise security breaches.

Change the Record

The most frequent pleas from cybersecurity experts revolve around passwords. Users should change their passwords frequently, use complex strings of characters, and never use the same password on more than one login. The advice is sound and, if followed, could reduce the number and severity of data breaches. The fact remains, however, that each repeated warning has less impact than the one before it.

When the largest of organizations can’t protect its data from theft or interruption, regular users find it easier to retreat to their old ways, assuming that their data and the information managed by the companies they work for will inevitably fall prey to some kind of breach. The combined drone about changing passwords and the apparent ineffectiveness of precautions falls on increasingly deaf ears.

For consumers, even potentially devastating events such as credit card theft can be considered mere inconvenience because payment companies protect their customers by immunizing them from unauthorized charges. In fact, it’s normal for a credit card company to catch fraudulent charges immediately and notify the cardholder that they have been reversed. While this is surely a responsible action on the part of the provider, it further insulates the customer from the effects of increasingly frequent attacks.

Password Reuse Facilitates Credential Stuffing

The combination of password-based access and social engineering is the most frequent and widespread method data thieves use to gain access to sensitive data. Both techniques rely on user behavior as opposed to specific technologies.

One such behavior is users’ tendency to open many accounts, then forget about them. Customers often sign up for and then abandon online services, leaving their login credentials intact. These dormant accounts, many of which are protected by recycled login information, are ripe for the practice of credential stuffing — using a valid login for one account to compromise accounts on other sites. Furthermore, if a credential contains a corporate email address, crooks might be able to access enterprise data. And of course, fraudsters will try to log in to online banking and credit card accounts as well.
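Credential stuffing leaves a recognizable footprint in authentication logs: one source tries many distinct accounts, typically once each, and the occasional success marks a reused password. The following detection logic is an added example, not code from the original article; the log layout, the sample lines and the thresholds are assumptions for illustration.

```python
# Added example (not from the original article): flag credential-stuffing
# patterns in a constructed authentication log. The field layout, the
# thresholds and the sample lines below are assumptions for illustration.
from collections import defaultdict

# Constructed sample log: "timestamp source_ip username result".
# 203.0.113.5 tries six different accounts (stuffing, one hit on a reused
# password); 198.51.100.7 hammers a single account (not stuffing).
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.5 alice@example.com FAIL
2024-05-01T10:00:02 203.0.113.5 bob@example.com FAIL
2024-05-01T10:00:02 203.0.113.5 carol@example.com SUCCESS
2024-05-01T10:00:03 203.0.113.5 dave@example.com FAIL
2024-05-01T10:00:03 203.0.113.5 erin@example.com FAIL
2024-05-01T10:00:04 203.0.113.5 frank@example.com FAIL
2024-05-01T10:01:10 198.51.100.7 alice@example.com FAIL
2024-05-01T10:01:20 198.51.100.7 alice@example.com FAIL
2024-05-01T10:01:30 198.51.100.7 alice@example.com SUCCESS
"""

def parse_log(text):
    """Parse lines into (timestamp, ip, user, result) tuples; skip malformed ones."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            events.append(tuple(parts))
    return events

def find_stuffing_sources(events, min_accounts=5, max_success_rate=0.5):
    """Return {ip: stats} for sources that tried many distinct accounts
    with a low success rate; 'hits' lists accounts whose reused password
    worked and therefore need a reset."""
    per_ip = defaultdict(lambda: {"users": set(), "attempts": 0, "hits": []})
    for _ts, ip, user, result in events:
        s = per_ip[ip]
        s["users"].add(user)
        s["attempts"] += 1
        if result == "SUCCESS":
            s["hits"].append(user)
    flagged = {}
    for ip, s in per_ip.items():
        rate = len(s["hits"]) / s["attempts"]
        if len(s["users"]) >= min_accounts and rate <= max_success_rate:
            flagged[ip] = {"distinct_accounts": len(s["users"]),
                           "attempts": s["attempts"],
                           "hits": sorted(s["hits"]),
                           "success_rate": round(rate, 2)}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, stats)
```

The distinct-account count is what separates stuffing from a brute-force run against one user, so the second source is left alone; in practice the thresholds are tuned per window of time.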

Cracking the Cyber Fatigue Conundrum

There is no easy resolution to the password conundrum, because creating and remembering multiple highly secure passwords for every account is simply too daunting. Password managers offer viable tools to both generate secure passwords and simplify the task of managing them, but users are still loath to use them.

These tools are not the be-all and end-all of breach prevention, and user education requires investments of time and attention without the hype that leads to cyber fatigue. Regular updates and helpful guidance may be the only ways to cajole users into taking increased responsibility for their own security — and their company’s.
