News
Cyber security fatigue applies to companies as well as ordinary folks - comment
October 2016 by Ilia Kolochenko, CEO High-Tech Bridge
Relentless cybersecurity warnings have given people "security fatigue" that stops
them keeping themselves safe, suggested the US National Institute of Standards and
Technology (NIST) earlier this week.
Security fatigue is defined in the study as a weariness or reluctance to deal with
computer security. As one of the study’s research subjects said about computer
security, “I don’t pay any attention to those things anymore…People get weary
from being bombarded by ‘watch out for this or watch out for that.’”
Well according to Ilia Kolochenko, CEO of web security firm High-Tech Bridge, this
fatigue is just as applicable to IT/security teams and CSOs, especially as new cyber
security products are rolled out to capitalize on this “feeling of fear”:
“Today we need a report on which cybersecurity reports to read – this is a
current state of the industry.
I was speaking about similar issues during my speech at Financial Times
Cybersecurity Summit a couple of weeks ago. Today, too many security vendors offer
similar solutions without genuine technological differentiators, creating new
challenges for CSOs, who are, in addition to their daily fight with cybercrime and
human negligence, are now required to make complicated due-diligence on
cybersecurity vendors.
Moreover, implementing a security solution is just a beginning: once deployed into
production you need to maintain and monitor it, synchronize it with other systems
and educate users. If you don’t have the
necessary resources to do all this – you’d better not to spend on a new solution
– it won’t help, but will rather add new problems, risks and challenges.
Companies should keep in mind that [almost] every security solution has a cost of
ownership – an amount that should be considered in their cybersecurity budgets.”
