Learn what is the cyber fatigue

How cybersecurity is driving you crazy and tired because of the cyber fatigue — CyberForged

Good morning everyone! Today we are going to talk about how cybersecurity is driving you crazy and tired because of cyber fatigue. This is a topic that has practically nothing to do with the technical side of cybersecurity, but more with a topic that we have all encountered at some point. Have you ever felt like your work is interrupted by something as useless as cybersecurity? Have you ever felt like when they tell you from the cybersecurity department to change your password, it is totally useless and they do nothing but bother you with these things?

These types of behaviors or perceptions of cybersecurity may denote that you have cyber fatigue. What is it and how can we categorize it? Let’s take a look!

What is cyber fatigue?

Well, this is easy. Cyber fatigue can be defined as any negative perception of cybersecurity. That is, if there is any kind of dislike or disconnect between cybersecurity tasks and the worker themselves, cyber fatigue is very likely to exist. It is worth noting that this definition does not include factors such as education or factors such as trauma associated with cybersecurity. We always assume that a worker has been getting worse in their behavior and view of cybersecurity over time.

In this paper, we can see how he explains that cyber fatigue can come for two reasons: The first relates to a worker’s overexposure to cybersecurity. That is, that worker is already more than fed up with thinking about cybersecurity, and in the end, it causes an aversion to it. An example of this could be when very heavy cybersecurity training is given to the workforce. At the end of this training, everyone is likely to be cyber fatigued because of this overexposure.

The other reason a worker can become cybersecurity fatigued and suffer from cyber fatigue is through the actions that cybersecurity requires. Let’s imagine that we ask a worker in the human resources department to change his login password every 3 days. At first, he will have no problem if we explain to him that it is for cybersecurity and for the good of the whole company, but I can assure you that the third time he has to change the password, he will be more than tired of doing it and not remembering which one he has set the last one.

This situation will eventually cause this employee to perceive cybersecurity as something useless and try to fight against the rule of changing the password, putting some very similar ones, or even refusing to do it.

As we can see, we are not only talking about cyber fatigue affecting the psychology of each of the company’s employees but in the short, medium, and long term cyber fatigue also affects the company’s cybersecurity posture. It could be said that the more cyber fatigued workers are, the more insecure the company itself is.

Types of cyber fatigue

Now that we know what it means for a company worker to have cyber fatigue, we can look at the two types, each with its own characteristics and remedies.

The first is the cognitive type. This type of cyber fatigue can be caused by two main factors: A person is so cyber fatigued that his or her ability to make correct decisions is greatly diminished or that he or she has already built an incorrect habit.

As for the cognitive cyber fatigue associated with the ability to make decisions, it is clear: It is usually due to the worker being so tired that he is not able to follow already established processes as it often happens in the case of cybersecurity. For example, if a worker has to follow 8 different steps in order to perform a simple task, it is very likely that if he is tired he will not follow them and will try to do it in the most direct way possible. These types of behaviors directly affect cybersecurity as cyber fatigue causes agreed corporate procedures not to be followed.

As for habits, it is literally that: The person has become accustomed to acting in a certain way and directly acts in that way, this being detrimental to cybersecurity if the habit is insecure. We can also include in this factor the fact that people become insensitive to repeated stimuli, such as constant SSL warnings from a website. At first, we pay attention to it and probably do not access the page, but soon after we will start to ignore the message.

The other type of cyber fatigue is called attitudinal: The individual has a directly negative attitude towards everything that surrounds cybersecurity. This can be due mainly to three factors: If the worker does not really perceive value in what he is doing (cost-benefit analysis of the action of following cybersecurity procedures), has reactance (the negative response to being told what to do or how to do it, as in a cybersecurity policy) or directly thinks that disobeying cybersecurity rules does not bring anything bad (“if I do not comply with this policy, nothing will happen”).

With this, we would already have the types of cyber fatigue grouped and characterized. It would now remain to describe how we can combat it. We will do this in the next article, see you there!

Originally published at https://cyberforged.com on April 29, 2021.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store