Security fatigue in online users is “exposing them to risk”, according to a study by the National Institute of Standards and Technology (NIST).
The paper found that people feel “overwhelmed” with having to be on constant alert from cyberattacks, as well as negatively affected by the proliferation in online security measures to protect themselves.
As a result, many will ignore the warning signs of a possible attack. As one individual remarked: “I get tired of remembering my username and passwords.”
Mary Theofanos, co-author of the study and computer scientist at NIST, said: “Years ago, you had one password to keep up with at work. Now people are being asked to remember 25 or 30. We haven’t really thought about cybersecurity expanding and what it has done to people.”
Comments from respondents to the study illustrated that online users were unaware of how much they were at risk.
For example, “many interviewees” said they didn’t think their information was significant enough to be of interest.
Others stated that they didn’t know anyone who had ever experienced a cyberattack.
The paper also revealed that many felt their online safety would be protected by authoritative figures, such as their bank.
There are ways to improve user behavior and to reduce so-called security fatigue, which is described as “a weariness or reluctance to deal with computer security”.
According to the authors of the paper, this includes reducing the number of security-related decisions a user has to make, as well as simplifying the process for users to “choose the right security action”.
Earlier this year, the second annual RSA Cybersecurity Poverty Index stated that organizations need to take charge of their cybersecurity efforts.
“We need to change the way we are thinking about security, to focus on more than just prevention – to develop a strategy that emphasizes detection and response,” Amit Yoran, president of the RSA, commented at the time.