These days, logging into your workplace's online database can feel like going through a full identity check for the police. There are so many passwords, pin numbers and questions to remember that it's no wonder you get tired of having to go through a myriad of security precautions every time you want to access a certain file or service. This attitude, while understandable, is known as cybersecurity fatigue, and it could be detrimental to the safety of your business' information.
It's up to professionals in IT careers to combat cybersecurity fatigue and ensure Australian businesses never become complacent about the ever-present threat of cybercrime.
Australia's growing cyberthreat landscape
Recent research has found that half of all Australian businesses had been victims of a cybersecurity incident in the preceding year. The biggest risks reported included ransomware, data breach and advanced persistent threats. The frequency of threats is rising, with 72 per cent of affected businesses reporting that they had experienced a ransomware attack, compared to just 17 per cent in 2013.
The biggest concern revealed by the report, however, is the apparent lack of action demonstrated by some companies. For instance, 8 per cent of respondents were unsure if they had been victims of cybercrime, and 43 per cent chose not to report incidents because they see no value in it. This suggests that complacency is a worryingly big issue in Australia.
Cyberthreats such as ransomware are becoming increasingly prevalent in Australia.
The problem of complacency and fatigue
A study from the National Institute of Standards and Technology (NIST) revealed the prevalence of cybersecurity complacency and fatigue, a surprising result considering it was not the original intention of the research.
"We weren't even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data," said Mary Theofanos, computer scientist and co-author of the report.
This fatigue can lead to risky computer behaviour as even experienced IT professionals become desensitised and overburdened by extensive security measures and constant threats. According to co-author Brian Stanton, this is an important issue for individuals and businesses alike.
"The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people's everyday life. It is critical because so many people bank online, and since healthcare and other valuable information is being moved to the internet," said Stanton. "If people can't use security, they are not going to, and then we and our nation won't be secure."
The report suggests some steps to manage fatigue and complacency, including:
- Establishing a protocol for making decisions about cyber risk.
- Developing processes to dictate the right security actions to take.
- Minimising the choices employees must take regarding cybersecurity.
Ultimately, however, it's IT staff that will be the turning point for dealing with cybersecurity fatigue. Our consultants can help you find cybersecurity staff that will stay alert in the face of cyber risk and ensure you always have the best possible protection. Get in touch today!