Don’t Fall Victim to Breach Fatigue


People shouldn’t let news of data breaches dissuade them from trying to protect their information, according to security researcher Ray [REDACTED]. On the CyberWire’s Hacking Human podcast, Ray referenced an earlier episode of the CyberWire in which Carole Theriault said she often encounters an attitude in which people are resigned to the fact that all their data have potentially already been stolen, and that therefore it’s not worth going to the trouble of trying to prevent future breaches.

“I actually call that the fallacy of futility,” Ray said. “And what it is, is it's the idea that if we take the fact that online privacy doesn't exist anymore…if we say, well, there's no such thing as online privacy…the problem is, is, that's not a binary statement, right? It doesn't either exist or it doesn't. There are varying degrees of privacy.”

Ray explained that even data that’s already been breached is not always easily discoverable or publicly accessible. For example, the OPM breach, which is believed to have been conducted by Chinese hackers, probably resulted in the data falling into the hands of Chinese intelligence services. While that’s not a good thing, it means the data probably aren’t available to petty criminals who could use them for identity theft and other crimes.

“It's very important to keep in mind that just because your data has been breached before…that doesn't mean that you'd necessarily want to be involved in others,” Ray said. “And ultimately, some of that data may be different, especially if you're using unique email addresses. But it is in everyone's best interest to try to protect themselves, you know, through OPSEC and practicing good security hygiene.”

Ray said much of the problem stems from the sheer number of breaches we hear about on a weekly basis. These breaches involve our data being stolen from companies we interact with, and we usually have no control over what happens to those data.

“I think it really is driven by the fact that, just like in cybersecurity, we have something called alert fatigue,” Ray explained. “We have something called outrage fatigue, and we have something called breach fatigue, which is when you see a big announcement about DoorDash and, you know, millions and millions of people's information being leaked – or even Words with Friends…we're so numb to these massive breaches that it feels like they're almost inevitable, right? And to a certain degree, when humans feel like something is basically inevitable, there is a tendency to just assume that it's going to happen at all times and that there's nothing that can be done to mitigate the impact of it.”

There are measures you can take to mitigate the risk and effects of having your data breached. New-school security awareness training can help your employees take steps to secure their data while staying safe from threat actors who may have already compromised it. The CyberWire has the story:

Are your users putting a big target on your organization's back?

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen or weak passwords. And, a new survey from Dark Reading shows 44% of organizations say users pose the greatest threat to data security!

KnowBe4's Password Exposure Test (PET) makes it easy for you to identify users with exposed emails publicly available on the web, and checks your Active Directory to see if they are using weak or compromised passwords that are part of a known data breach. PET then reports on any user accounts affected so you can take action immediately!

Here's how the Password Exposure Check works:

  • Checks to see if any of your organization's email addresses have been part of a data breach
  • Tests against 10 types of weak password related threats associated with user accounts
  • Checks against breached or weak passwords currently in use in your Active Directory
  • Reports on the accounts affected and does not show/report on the actual passwords 
  • Just download the install, run it, get results in minutes!
