INFOGRAPHIC: Studies show ‘security fatigue’ may trigger apathy in wake of Equifax hack

September 20th, 2017

By Byron V. Acohido

There is no mistaking that, by now, most consumers have at least a passing awareness of cyber threats.

Two other things also are true: All too many people fail to take simple steps to stay safer online; and individuals who become a victim of identity theft, in whatever form, tend to be baffled about what to do about it.

INFOGRAPHIC: Shaking off cyber fatigue can be tough

A new survey by the nonprofit Identity Theft Resource Center, scheduled to be released in full next week, reinforce these notions. ITRC surveyed 317 people who used the organization’s services in 2017 and had experienced identity theft. The study was sponsored by CyberScout, which also sponsors ThirdCertainty. A few highlights:

• Nearly half, 48.4 percent, of data breach victims were confused about what to do
• Only 56 percent took advantage of identity theft protection services offered after a breach
• Some 61 percent declined identity theft services due to lack of understanding or confusion
• Some 32 percent didn’t know where to turn for help in event of a financial loss due to identify theft.

Keep your guard up

These psychological shock waves, no doubt, are coming into play yet again for 143 million consumers who lost sensitive information in the Equifax breach. The ITRC findings suggest that many Equifax victims are likely to be frightened, confused and frustrated to the point of acquiescence. That’s because the digital lives we lead come with risks no one foresaw at the start of this century. And the reality is that consumers need to be constantly vigilant about their digital life. However, cyber attacks have become so ubiquitous that they’ve become white noise for many people.

The ITRC study is the second major report showing this to be true. Last fall, a majority of computer users polled by the National Institute of Standards and Technology said they experienced “security fatigue” that often correlates to risky computing behavior they engage in at work and in their personal lives.

The NIST report defines “security fatigue” as a weariness or reluctance to deal with computer security. As one of the study’s research subjects said about computer security, “I don’t pay any attention to those things anymore. … People get weary from being bombarded by ‘watch out for this or watch out for that.’”

Brian Stanton, cognitive psychologist

Cognitive psychologist, Brian Stanton, who co-authored the NIST study, observed that “security fatigue … has implications in the workplace and in peoples’ everyday life. It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet.”

Make no mistake, identity theft is a huge and growing problem. Some 41 million Americans have already had their identity stolen—and 50 million reported being aware of someone else who was victimized, according to a Bankrate.com survey.

Attacks are multiplying

With sensitive personal data for the clear majority of Americans circulating in the cyber underground, it should come as no surprise that identity fraud is on a rising curve. Between January 2016 and June 2016, identity theft accounted for 64 percent of all data breaches, according to Breach Level Index. One reason for the rise was a huge jump in internet fraud. Card not present (CNP) fraud leaped by 40 percent in 2016 while point of sale (POS) fraud remained unchanged.

It’s not just weak passwords and individual errors that are fueling the rise in online fraud. Organizations we all trust with our personal information are being attacked every single day. The massive breach of financial and personal history data for 143 million people from credit bureau Equifax is just the latest example.

Over the past four years there has been a steady drumbeat of major data breaches: Target, Home Depot, Kmart, Staples, Sony, Yahoo, Anthem, the U.S. Office of Personnel Management, the Republican National Committee, just to name a few. The hundreds of millions of records stolen never perish; they will continue in circulation in the cyber underground, available for sale and/or to be used in the next innovative fraud campaign.

Be safe, not sorry

Protecting yourself online doesn’t have to be difficult or complicated. Here are seven ways to better protect your privacy and your identity today:

• Freeze your credit rating at the big three rating agencies so scammers can’t use your identity to take out loans or credit cards
• Add a website grader to your browser to avoid malware
• Enroll in ID theft coverage with your bank, insurer or employer—it could be free or surprisingly inexpensive
• Get and use a password vault so you can create and use hard to guess passwords
• Be knowledgeable about common cyber scams
• Add a verbal password to your bank account login and set up text alerts to unusual activity
• Come up with a consistent way to decide whether it’s safe to click on something.

There is a bigger implication of losing sensitive information as an individual: It almost certainly will have a negative ripple effect on your family, friends and colleagues. There is a burden on consumers to be more proactive about cybersecurity, just as there is a burden on companies to make it easier for individuals to do so.

NIST researcher Stanton describes it this way: “If people can’t use security, they are not going to, and then we and our nation won’t be secure.”

Melanie Grano contributed to this story.

More stories related to cybersecurity fatigue:
Wake up and avoid a ‘breach fatigue’ nightmare
Don’t let chronic (breach) fatigue syndrome get you down
Integrated cloud-based security platform is vital for reducing ‘point product fatigue’

This article originally appeared on ThirdCertainty.com