Cyber breach fatigue breeds complacency

 - 
04/08/2020

One thing I’ve noticed throughout this whole COVID-19 pandemic is the increase in cybersecurity hardening tips, tricks and solutions promoted on social media, adding to the already seemingly constant mentioning and discussion of data breaches taking place all over the globe. The more people see or hear of something, the less likely they are to take notice and actually do something.

Take the car alarm as an example. When this technology first became popular, very few people had heard the sound that a car alarm makes, so when it went off, people took notice. Now, in present day, car alarms are hardly even noticed, perhaps only when one is going off outside our bedroom window at 2 a.m. 

Therefore, it’s easy to understand how people can become fatigued with cyber breaches and why complacency can result. Of course, this is right up cybercriminals’ alleys. As consumers become more and more desensitized to data breaches, the more each becomes just “noise,” and not a thing to take seriously.  

I recently sat in on a virtual Women in Cybersecurity (WiCyS) panel discussion, “Cyber Breach Fatigue,” to gain more information. Panelists included Rhonda Bricco, service delivery manager and Cat Goodfellow, cyber engineering director, both at UnitedHealth Group and at Optum, Deb Doffing, information security, technology management professional and Sue Perkins, general management director.

Fact: During Q1-Q3 of 2019, 5,183 cyber breaches were publicly disclosed, resulting in 7.9 billion exposed records.

“A billion, a trillion … I don’t think the number of exposed records moves the needle anymore,” Goodfellow said. “I doubt there’s an adult today who’s personal information hasn’t been inadvertently released.” 

The thing is, unless you’ve been personally affected by a data breach and/or suffering a painful experience as the result, then, more than likely, reports seen about data breaches in all media outlets become just meaningless background noise. 

“A lot of [people] out there are becoming apathetic and despondent, and these breaches are becoming the norm, especially when the breaches are caused from a huge range of skills, from teenagers to very sophisticated teams extracting or manipulating information,” Doffing said. 

And, now for the “elephant in the room,” COVID-19. This pandemic has prompted breaches and phishing campaigns like never before seen. 

“We really need to pay attention and educate how important it is to be diligent during this time because people are really getting damaged personally, just with a click of the mouse,” Bricco warned. 

In the current virtual landscape and moving into the future, we all must fight cyber breach fatigue and complacency. It’s time to once and for all acknowledge that data breaches will happen; they impact lives; and there are actions to take to prevent personal data from getting breached/stolen, so complacency isn’t an option. 

“Understand the cost [not just financially] of potential breaches … and the risk of that breach,” Perkins said, “understanding these two components helps people understand what needs to be done.” 

Make now the time you took control of your personal information by taking action:

  • Demonstrate good password hygiene by using strong, different passwords for each log in.
  • Use different user IDs for each of your accounts. 
  • Don’t click on unknown URLs.
  • Be careful what you put out there about yourself and your family, including pictures, on social media platforms. 
  • Be mindful on what ads you click on. Cybercriminals watch these habits, learn what you like and then use that against you, for example, via a phish, vish or smish
  • Become more cybersecurity minded by asking for and researching security tool recommendations from trusted colleagues and friends.