{"id":7439,"date":"2017-04-25T07:10:23","date_gmt":"2017-04-25T15:10:23","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/25\/news-1230\/"},"modified":"2017-04-25T07:10:23","modified_gmt":"2017-04-25T15:10:23","slug":"news-1230","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/04\/25\/news-1230\/","title":{"rendered":"How to fight security fatigue"},"content":{"rendered":"<p><strong>Credit to Author: Wendy Zamora| Date: Tue, 25 Apr 2017 14:00:55 +0000<\/strong><\/p>\n<p>We live in the age of the 24-hour news cycle. Each day, whether it\u2019s from TV news, phone notifications, online browsing, social media, or even the good old-fashioned paper, we hear stories of the increasing dangers of cybercrime.<\/p>\n<p><a href=\"http:\/\/www.cnbc.com\/2017\/04\/17\/darktrace-on-why-artificial-intelligence-is-key-in-cybersecurity.html\" target=\"_blank\">Cyberthreats are growing more serious!<\/a><\/p>\n<p><a href=\"http:\/\/www.zdnet.com\/article\/a-russian-hacker-has-created-his-own-starter-pack-ransomware-service\/\" target=\"_blank\">Russian hacker starts his own ransomware service!<\/a><\/p>\n<p><a href=\"http:\/\/abc3340.com\/news\/local\/experts-say-tech-support-scam-is-picking-up-speed\" target=\"_blank\">Experts say tech support scams are picking up!<\/a><\/p>\n<p>Feeling overwhelmed yet? You\u2019re not alone. A recent study published by the National Institute of Standards and Technology (NIST) says that \u201csecurity fatigue\u201d is a real phenomenon affecting 63 percent of its participants. So what, exactly, is security fatigue? And why is it a dangerous, though understandable, phenomenon?<\/p>\n<h3><strong>What is security fatigue?<\/strong><\/h3>\n<p>Over and over again, people are bombarded with articles about criminals lurking on the Internet, security breaches in businesses and government, and the need to be constantly vigilant online. 
Our Malwarebytes researchers are asked by the press to comment on their discoveries of new forms of malware or the latest security breach on a nearly daily basis. And while the media are reporting on legitimate dangers, their fever pitch can leave readers and viewers frozen in a combined state of panic and helplessness.<\/p>\n<p>Users are encouraged to update passwords constantly, run antivirus programs, participate in two-factor authentication, read unwieldy EULAs carefully\u2014often without a clear understanding of why. According to the NIST report:<\/p>\n<p>\u201cPeople are told they need to be constantly on alert, constantly \u2018doing something,\u2019 but they are not even sure what that something is or what might happen if they do or do not do it.\u201d<\/p>\n<p>The volume of messaging, combined with an unclear understanding of how to move forward, is what leads to security fatigue, which NIST researchers define as \u201ca threshold at which it simply becomes too hard or burdensome for users to maintain security.\u201d In plain English, people are hearing so much about cybersecurity now that they\u2019re becoming desensitized to the dangers and cybersecurity best practices.<\/p>\n<blockquote>\n<p><em>\u201cI think I am desensitized to it\u2014I know bad things can happen. You get this warning that some virus is going to attack your computer, and you get a bunch of emails that say don\u2019t open any emails, blah, blah, blah. I think I don\u2019t pay any attention to those things anymore because it\u2019s in the past.\u201d<\/em> \u00a0\u2013Participant 101<\/p>\n<\/blockquote>\n<h3><strong>What happens when you\u2019ve got security fatigue?<\/strong><\/h3>\n<p>Security fatigue manifests itself in much the same way as what psychologists call <a href=\"http:\/\/www.nytimes.com\/2011\/08\/21\/magazine\/do-you-suffer-from-decision-fatigue.html\" target=\"_blank\">decision fatigue<\/a>. 
People reach a limit with how much information they can process, leaving them weary and unable to make a rational decision moving forward. Security fatigue impacts decision-making in the following ways. People might:<\/p>\n<ul>\n<li>avoid unnecessary decisions<\/li>\n<li>choose the easiest available option<\/li>\n<li>make decisions driven by immediate motivations<\/li>\n<li>choose to use a simplified algorithm<\/li>\n<li>behave impulsively<\/li>\n<li>feel resignation and a loss of control<\/li>\n<\/ul>\n<p>After the 10,000<sup>th<\/sup> story reminding you not to go to shady websites, or to be aware of advertising on prestigious websites, or warnings about what is fake news and what\u2019s real, people with security fatigue will stick their head in the sand, cover their ears, and yell, \u201cLa la la! Don\u2019t tell me anything else!\u201d But it goes even deeper than that. When people are online and experience too many barriers to getting where they want, they experience frustration that shuts them down.<\/p>\n<blockquote>\n<p><em>\u201cIf you give me too many more blocks, I am going to be turned off. My [X] site, first it gives me a login, then it gives me a site key I have to recognize, and then it gives me a password. So that is enough, don\u2019t ask me anything else.\u201d<\/em> \u2013Participant 109<\/p>\n<\/blockquote>\n<p>In addition, psychologists Amos Tversky and Daniel Kahneman, who are cited in the NIST report, argue that when people are fatigued, they fall back on behavioral and cognitive biases when making decisions. 
This means that they might believe:<\/p>\n<ul>\n<li>They\u2019re not personally at risk (they have nothing of value that a criminal would want).<\/li>\n<li>Someone else is responsible for security, and if targeted, they will be protected.<\/li>\n<li>No security measure that they put in place will really make a difference.<\/li>\n<\/ul>\n<p>So now, not only are people tired and frustrated, they\u2019re also feeling fatalistic\u2014nothing they do will matter anyway, so they may as well not make an effort.<\/p>\n<h3><strong>We get it, but don\u2019t give up<\/strong><\/h3>\n<p>While this might seem like irrational behavior, psychologically it makes perfect sense. Users are conducting a cost-benefit analysis and, when presented with complex security advice that promises little and expects a lot, they decide it\u2019s not worth their time.<\/p>\n<p>Case in point: You\u2019re trying to transfer some money between bank accounts and can\u2019t remember the password. Then you have to reset the password, but you can\u2019t remember the password to access the email you signed up to the account with. So you reset THAT password. You finally sign into your bank account and discover you need to set up two-factor authentication\u2014so you wait for the text to come through on your phone, only to discover it\u2019s out of batteries and you need to charge it. Meanwhile, your antivirus is running a scan and has found a piece of malware on your machine, which means you\u2019ll need to close out of your online account and restart your computer. It\u2019s enough to infuriate the most Zen Buddhist.<\/p>\n<p>But! But\u2026it\u2019s problematic to turn your back to cybersecurity best practices entirely. Clearly doing nothing will not make cybercrime go away. If crime rates are rising in your neighborhood, would you stop locking your door because you\u2019re overwhelmed? Doubt it. But locking your door is a simple solution that can ward off a good portion of attacks. 
Adding a security system would double the protection. Again, fairly simple to install.<\/p>\n<p>So what are some simple ways you can stay protected online without feeling exhausted?<\/p>\n<h3><strong>Three simple steps<\/strong><\/h3>\n<p>There are three easy and effective steps you can take to ward off 90 percent of the crap out there while also maintaining your sanity. Without further ado:<\/p>\n<ol>\n<li>Get a password manager.<\/li>\n<\/ol>\n<p>On average, people are asked to remember 22 separate passwords, according to a BBC report. You\u2019re not supposed to write them down, and you\u2019re likely prompted to change them every few months for maximum security. Yeah. It\u2019s getting out of control. Simplify your life by using a password manager like <a href=\"https:\/\/1password.com\/\" target=\"_blank\">1Password<\/a>. It\u2019ll load all your passwords into one encrypted place with only a single master password to remember.<\/p>\n<ol start=\"2\">\n<li>Check before you click.<\/li>\n<\/ol>\n<p>Does it look suspicious? It probably is. This applies everywhere online, but is especially important for emails. Don\u2019t open email attachments or click on links asking for personal data unless you\u2019re 100 percent sure of who the sender is. Hover over the sender address if you need to confirm. And if you\u2019re still unsure, go ahead and Google the company name and see what comes up.<\/p>\n<ol start=\"3\">\n<li>Keep your devices and software updated.<\/li>\n<\/ol>\n<p>This one might be annoying, but at least you don\u2019t have to remember to update on your own. Your device and software will ping you when there\u2019s a new update to run. As soon as you see that notification, go ahead and run the update. 
For five minutes of inconvenience, you get a whole lot of peace of mind.<\/p>\n<p>And, finally, if you want to breathe a little easier and invest in a security system, consider a <a href=\"http:\/\/malwarebytes.com\/\" target=\"_blank\">comprehensive next-gen antivirus program<\/a> (boot your old antivirus out the door) that uses multiple layers of technology to catch all the latest threats. Let it run in the background full-time so you\u2019re always protected.<\/p>\n<p>Nothing is foolproof. But doing a little something is a heck of a lot better than doing absolutely nothing. Don\u2019t let security fatigue get the better of you.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/04\/how-to-fight-security-fatigue\/\">How to fight security fatigue<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[10519,4500,12081,11171,12082],"class_list":["post-7439","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-10519","tag-cybersecurity","tag-cybersecurity-awareness","tag-how-tos","tag-security-fatigue"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7439"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7439\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7439"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}