Digital4nx Group, Ltd.


Is Cyber Fatigue putting everyone in danger?

October 1, 2019 by Rob Kleeger

I am sure that most people today are simply tired of the constant news about election hacking, a financial services firm that has been compromised, or, worse, your PII (Personally Identifiable Information) and PHI (Protected Health Information) being sold on the Dark Web.

A majority of computer users suffer from “security fatigue” — a weariness of or reluctance to engage with Cyber Security — that leads them into risky behavior online, according to a new study by scientists from NIST (the National Institute of Standards and Technology). In short, they found that users’ weariness led to feelings of “resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue.” In turn, that made them prone to “avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules” both at work and in their personal online activities, including banking and shopping.

The report’s authors write, “Users are tired of being overwhelmed by the need to be constantly on alert, tired of all the measures they are asked to adopt to keep themselves safe, and tired of trying to understand the ins and outs of online security. All of this leads to security fatigue, which causes a sense of resignation and a loss of control.”

These findings have direct implications for businesses that are legally required to protect personal and financial data, including retailers, financial and healthcare businesses, law and other professional marketing services.

Cybercrime activities like phishing, spear phishing, business email compromise and social engineering all rely on innocent but unwary employees being led to do the cyber criminal’s dirty work.

IF THE US GOVERNMENT, FORTUNE 500 COMPANIES, HIGH TECH FIRMS, FINANCIAL INSTITUTIONS, HEALTH CARE ORGANIZATIONS AND UNIVERSITIES WITH ALL OF THEIR RESOURCES WERE UNABLE TO STOP THE ATTACKS… 

WHAT POSSIBLE CHANCE CAN A SMALL/MEDIUM BUSINESS HAVE?

The answer is: more than you would think.

Digital4nx Group, Ltd. recognizes that the greatest vulnerability in most organizations comes from their own people.

We have been providing fixed-fee “ethical hacking” security assessments, which we define as a service in which we attack your network and computer systems using real-world tools and techniques in order to find security weaknesses. The goal of an ethical hack security exercise is not to reveal deficiencies in the performance of your IT team, but rather to support them. We often find that IT teams are pressured to make things easy to use and functional, maintain software updates and patches, and keep the users up and running.

Our ethical hacking assessment aids the IT team by giving them a roadmap for making their networks much more secure, helping to identify the sensitive information that the organization maintains, and helping to improve the best reasonable security measures for that organization.

Having an independent team of experts audit your security is a valuable tool that is guaranteed to uncover vulnerabilities and greatly increase your level of security.

We commonly find that we gain some of the initial access to a company's systems by tricking users into providing their passwords. Once we have those passwords, we can leverage them to gain additional access to other systems.

Even small businesses can interrupt this chain of events at several points, making it much more difficult for a cybercriminal to gain a foothold.

The techniques below are simple and inexpensive:

  • Make sure everyone in your company understands phishing schemes and how to recognize them.  A phishing scam is an attempt to trick someone into providing username and password information to a hacker.  Spearphishing is a phishing attack customized to a particular individual.
  • Do not allow people to have administrative privileges on their computers.  This prevents them (or viruses acting under their credentials) from installing hacking tools on a computer.
  • Change passwords regularly and use different passwords for different accounts. In other words, the password to your work computer should be different from the one you use on, say, your Yahoo account. Password manager software (such as LastPass, KeePass, Dashlane, …) makes it easy to track and change passwords.
  • Ensure your computers install security updates from Microsoft, Apple, and Adobe automatically.
  • Install antivirus software on your computers.
  • Install a firewall if you don’t have one, and review your firewall to tighten it up as much as possible.  A firewall is a device that stands between your network and the rest of the world, blocking unauthorized access.
  • Configure spam filters to be as restrictive as possible and use Sender Policy Framework (SPF) records to reduce the likelihood of phishing messages.
  • Confirm backups run regularly and periodically test those backups.
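
One way to check the SPF recommendation in the list above, as an added example that is not Digital4nx's own code: a small Python audit of a domain's TXT records that flags SPF policies too permissive to help against spoofed mail. The domains and records are constructed samples, and `audit_spf` is a hypothetical helper name.

```python
# Added example: static audit of published SPF TXT records (RFC 7208).
# Sample records are constructed; no DNS queries are made.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

def audit_spf(txt_records):
    """Return findings for the TXT records published at one domain."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record: receivers cannot check the sending host"]
    if len(spf) > 1:
        return ["multiple SPF records: evaluation ends in permerror"]
    findings, lookups, all_qual, has_redirect = [], 0, None, False
    for term in spf[0].lower().split()[1:]:
        qual = term[0] if term[0] in "+-~?" else "+"  # default qualifier is pass
        name = term.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0]
        if name in LOOKUP_TERMS:
            lookups += 1  # top level only; nested includes count too
        if name == "ptr":
            findings.append("ptr: RFC 7208 says this mechanism should not be published")
        if name == "redirect":
            has_redirect = True
        if name == "all":
            all_qual = qual
    if all_qual == "+":
        findings.append("+all: every host on the internet passes SPF")
    elif all_qual == "?":
        findings.append("?all: unlisted hosts get neutral, spoofed mail is not failed")
    elif all_qual == "~":
        findings.append("~all: unlisted hosts only softfail, weaker than -all")
    elif all_qual is None and not has_redirect:
        findings.append("no 'all' term: unlisted hosts default to neutral")
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms: over the limit of 10 (permerror)")
    return findings

SAMPLES = {  # constructed records on reserved example domains
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all"],
    "open.example": ["v=spf1 mx +all"],
    "soft.example": ["site-verification=constructed", "v=spf1 a mx ptr ~all"],
    "dup.example": ["v=spf1 -all", "v=spf1 mx -all"],
    "none.example": ["site-verification=constructed"],
}

if __name__ == "__main__":
    for domain, records in SAMPLES.items():
        print(domain, audit_spf(records) or ["ok"])
```

An empty result means none of these checks fired; the lookup count covers only the record itself, so records reached through `include` or `redirect` need the same audit.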

Questions? Concerns? Want some help conducting a Cyber Security risk assessment? Give us a call; we’re happy to help.

P.S. For those who are not cyber fatigued and are interested in reading about the Department of Homeland Security report detailing Russian civilian and military efforts to hack organizations, companies, and educational institutions in the United States, you can read it here.
