According to a number of researchers, both the public and IT personnel are reaching the point of “cybersecurity fatigue”. We know we should change passwords but don’t, we know we should scan downloads for viruses but don’t bother, and we know we should keep patching software but turn off automatic updates. It seems there is so much concern about security that the problem is provoking emotional resistance.
It is understandable. End users are expected to remember two dozen unique passwords and usernames, change them often, fill in captchas, provide thumbprints, receive SMS passcodes, consent to trackers, register, log in and out, provide digital signatures, tap in PIN numbers, allow security updates, reboot, exchange digital keys and affirm we’re over 21.
It is worse for IT personnel. Dreams of coding and infrastructure improvements fade as work time is expended on sending password reminders, applying patches, running virus checks, adjusting firewalls, tweaking spam filters, and creating whitelists, blacklists, and compliance reports. It’s not a bundle of fun and seems to be de-sensitising us. As security threats and compliance regulations grow our reluctance, some say hopelessness grows too (see https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly).
Fatigue leads to avoidable vulnerabilities and regulatory risk exposures. People re-use old passwords and refuse to update software. There are also consequences for online businesses as visitors turn away from privacy alerts, login screens, identity challenges and captchas. Secure businesses lose custom and raise their bounce rate, damaging SEO.
If cybersecurity fatigue prevents web masters, VPN users and IT from being proactive about security, it encourages bad actors and makes it worse for everyone. Businesses on shared website hosting plans become more exposed to hacks if they are sharing a server with an insecure website. You can explore other options at https://www.names.co.uk/web-hosting.
A clear cause of cybersecurity fatigue is a multi-vendor environment. Research demonstrates a clear relationship between security breaches and the number of different cloud services a company uses. Consolidating applications on a single platform means fewer attack vectors, less patching, centralised logs, and fewer logins to administer.
Outsourcing routine operations can relieve IT fatigue. Backup and security services are readily available in the cloud. Your IT team may actually find time to embark on business innovations.
Great hope comes from AI and machine learning. AI automates many IT routines, but its real power lies in monitoring network activity for suspicious patterns.