EDITOR ’ S QUESTION
DEAN COCLIN , SENIOR DIRECTOR
OF BUSINESS DEVELOPMENT AT
DIGICERT
Fear fatigue is very similar to ‘ warning fatigue ’, that is , the ambivalence associated with the constant barrage of warnings which users encounter in apps , websites and operating systems .
Hence users can ’ t tell what is a real threat and what is just satisfying the letter of the law . Since IT warnings are so common , users tend to ‘ click-thru ’ without reading the message , potentially causing substantial harm . In similar fashion , users are tired of hearing about the threats to their personal computer security and may be ignoring actual threats .
However , these warnings are important for effectively mitigating attacks . The challenge is false alarms do happen , and over time , even information security pros can become desensitized to the alerts .
A key challenge facing enterprises is finding the right balance between false alarms and not enough alerts . If alerts are being ignored , filtered or missed , this represents a huge failure .
One way to combat this is for information security teams to identify the events that cause the alarms to trigger in the first place . By simply tuning the event triggers to more appropriate values or addressing problems on a single system can greatly improve the quality and validity of alerts .
Including context for users to help determine the importance of an event can also help address warning fatigue . Single events by themselves can seem innocuous but included in the context of other events can be deemed significant .
But at the end of the day , the best remedy is user education , which can take many forms . But instead of drilling users with rules which tend to go in one ear and out the other , a different approach should be considered .
Fun videos with actors using a ‘ soap opera ’ like story to convey the message which engages users , could be more useful and provide optimal results . The
If alerts are being ignored , filtered or missed , this represents a huge failure .
viewing of such stories could be staggered , similar to a TV series which keeps users interested and in suspense of what ’ s coming . At the same time , these stories convey valuable lessons in cybersecurity , making learning fun , engaging and something they can talk about with their colleagues .
There are several companies that offer such educational products and it ’ s incumbent upon IT to join with HR to ensure employees undertake the training and complete a short quiz . Results could be posted on a leader board , with prizes awarded to top rankings , creating a corporate competition to exhibit pride in employee results .
www . intelligentcio . com INTELLIGENTCIO LATAM 33