What crosses your mind when you hear the word fatigue? Does it remind you of the times when you return home tired after an intense workout session, or of tiredness in general? In either case, it signifies a readiness to give up on rectifying something that is amiss. To the dismay of most CISOs today, this attitude has crept into the minds of employees, for whom cyberattacks, especially data breaches, are now just part of everyday life. This article deals with this phenomenon, technically termed ‘Breach Fatigue’, and some subtle ways of combating it.
With billions of users affected by data breaches over the years, a good fraction of modern employees have lost the zeal to be proactive when it comes to reporting and solving related issues. Many suspicious activities are either ignored or lost somewhere along the chain. Breach fatigue also involves irresponsible behavior in following security protocols, such as updating passwords and antivirus software on time and applying patches promptly. As a result, companies have to deal with repeated data breaches, many of which involve confidential data, which in turn leads to operational inefficiency and loss of brand equity.
No rulebook can guide contemporary employees past breach fatigue, since dealing with it is not the exact work they get paid for. Instead, it is the responsibility of all CISOs to develop a culture of general proactiveness through a clear communication framework that involves the following components:
Breaches are like diseases: they cannot be stopped from entering our systems, and they can be contained only when they are responded to with a sense of alarm. In this regard, the first step towards minimizing data breaches in most companies is to create communication channels that can combat breach fatigue and enable employees to show greater ownership in mitigating organizational cyber risk.