Last month NIST released a study warning of widespread security fatigue as end users report feeling defenseless against malicious attacks. Survey respondents displayed a general frustration and weariness around online account security. As a result, many have taken the stance of merely hoping that they’re not a high-value target instead of taking steps to fortify their defenses.
Paired with findings that IT departments are challenged with defending against internal threats, this situation takes on a nightmarish tone for IT professionals. What we’re seeing is a perfect storm of security exposure with no clear remedy in sight. And for every new take on combatting the age-old password dilemma, like using brain waves to authenticate users, there’s reason to believe that hackers will still be able to compromise private data.
The only antidote to security fatigue in this advanced threat landscape is a blend of culture, education, and having the right tools in place to empower individual team members to take a renewed interest in security. Here’s my suggested formula:
Create a culture that values cyber security.
Management needs to promote cyber security as a company-wide priority. If your management team has already defined their top 3 priorities and cyber security didn’t make the cut, then there are ways to piggyback security onto any business objective. For example, if innovation is a top objective for your organization, remind internal leaders that the underlying digital transformation that unlocks efficiency and productivity for all teams, from Marketing to Engineering, is only possible when properly secured.
Enable employees to master their credentials.
Non-IT staff need tools that let them play a role in safeguarding their credentials across the growing number of online accounts their roles require. Password managers, password generators and automated password resetting give users the upper hand against malicious actors, and that type of power dynamic boosts confidence. Make sure these tools are accessible and easy to use so it’s simpler for users to choose the secure route.
Educate your team so their fear isn’t debilitating.
Resources that demystify online account security are readily available, and as a general rule of thumb, steer clear of fear-based education around cyber security. For example, passwords can easily be much harder to hack if they’re passphrases, and who doesn’t like a bit of wordplay? As a security professional, I bet you have a few tricks up your sleeve to defend your own accounts with a bit of novelty; share those with your team.
With this three-step plan, IT teams provide solutions and improve everyday experiences that greatly diminish security fatigue.