Your new post is loading...
Oh dear. It may very well be National Cybersecurity Awareness Month, but a new study suggests that many of the general public have thrown in the towel and given up.
The detailed study, from the National Institute of Standards and Technology (NIST), suggests that the public is suffering from “security fatigue” and a feeling of helplessness when it comes to their online security:
“Participants expressed a sense of resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue. The authors found that the security fatigue users experience contributes to their cost-benefit analyses in how to incorporate security practices and reinforces their ideas of lack of benefit for following security advice.”
Resignation, fatigue, dread, decision avoidance… these aren’t good things. If users feel out-of-depth when it comes to securing themselves online they are either going to avoid making decisions or fall back on bad habits.
Some of the statements given by the study’s participants paint a concerning picture:
“Security seems to be a bit cumbersome, just something else to have and keep up with.”
“I think I am desensitized to it… People get weary of being bombarded by watch out for this, watch out for that.”
“…first it gives me a login, then it gives me a site key I have to recognize, then it gives me a passsword. So that is enough, don’t ask me anything else.”
“I get tired of remembering my username and passwords.”
“I never remember the PIN numbers, there are too many things for me to remember. It is frustrating to have to remember this useless information.”
“It also bothers me when I have to go through more additional security measures to access my things, or get locked out of my own account because I forgot as I accidentally typed in my password incorrectly.”
When you read comments like that, it’s understandable that some people are exhibiting signs of “security fatigue”.
