Dear readers, are you overwhelmed with trying to remember 20 or more passwords for work and your social media, retail and banking accounts? Have you ever decided it’s just too much trouble to change passwords regularly as advised, or have you declined to open a new online account because it’s just another password you will have to remember?
If so, you are not alone.
If you have done any of those things, you may be suffering from “security fatigue” — thus causing your online accounts to be at risk — and costing businesses lost customers and profits, according to a new study from the National Institute of Standards and Technology (NIST).
Researchers found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to unsafe cybersecurity behavior at work and in their personal lives.
The study defines security fatigue "as a weariness or reluctance to deal with computer security." One of the study’s research subjects said, “I don’t pay any attention to those things anymore… People get weary from being bombarded by ‘watch out for this or watch out for that.’”
“The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people’s everyday life,” cognitive psychologist and co-author of the study, Brian Stanton said. “It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet.”
Participants in the study revealed the exhaustion of being on constant alert and trying to understand the multiple aspects of online security issues.
Some individuals said it is up to their bank or online retailer to safeguard their personal data. Participants also asked how they could successfully protect their online accounts when large organizations frequently report data breaches.
Researchers found this disillusionment among users leads to feelings of resignation and loss of control. This frustration can lead to avoiding decisions, choosing the easiest option among alternatives, behaving impulsively, and failing to follow security rules.
That is scary news because such behavior and feelings of indifference can jeopardize personal security and financial well-being, Department of the Navy networks, and can thus impact national security.
We must take charge of our own security and be savvy about cybersecurity risks and implement best practices directed by DON instructions and experts and organizations that provide up-to-date news and advice about emerging cybersecurity threats, such as the DON Chief Information Officer, Federal Trade Commission; National Cybersecurity Center of Excellence (NCCoE); the Stop.Think.Connect. Campaign, sponsored by the Department of Homeland Security; and the Federal Bureau of Investigation, just to name a few.
In this issue of CHIPS, DON cybersecurity officials discuss strengthening cybersecurity to ensure mission execution while other experts offer advice about how you can protect your personal online accounts and identity.
As the U.S. Navy infograph, at right, depicts: The cybersecurity threat is real — and it's not going away.
On Oct. 22, the New York Times and Washington Post reported an unprecedented, massive denial of service attack on Dyn, a major provider of domain name system, or DNS, services — a vital part of internet infrastructure that enables users to connect to websites… The FBI and Department of Homeland Security are investigating the attack, according to the reports.
Many thanks to the authors who have contributed articles to this very important topic, please take advantage of their cybersecurity knowledge and experience.
Welcome new e-subscribers!
Sharon Anderson is the CHIPS senior editor. She can be reached at
The study referenced is available for download: Paper: B. Stanton, M.F. Theofanos, S.S. Prettyman, S. Furman. Security Fatigue. IT Professional, Sept.-Oct. 2016. DOI: 10.1109/MITP.2016.84