Don’t Fall Victim to Breach Fatigue


People shouldn’t let news of data breaches dissuade them from trying to protect their information, according to security researcher Ray [REDACTED]. On the CyberWire’s Hacking Human podcast, Ray referenced an earlier episode of the CyberWire in which Carole Theriault said she often encounters an attitude in which people are resigned to the fact that all their data have potentially already been stolen, and that therefore it’s not worth going to the trouble of trying to prevent future breaches.

“I actually call that the fallacy of futility,” Ray said. “And what it is, is it's the idea that if we take the fact that online privacy doesn't exist anymore…if we say, well, there's no such thing as online privacy…the problem is, is, that's not a binary statement, right? It doesn't either exist or it doesn't. There are varying degrees of privacy.”

Ray explained that even data that’s already been breached is not always easily discoverable or publicly accessible. For example, the OPM breach, which is believed to have been conducted by Chinese hackers, probably resulted in the data falling into the hands of Chinese intelligence services. While that’s not a good thing, it means the data probably aren’t available to petty criminals who could use it for identity theft and other crimes.

“It's very important to keep in mind that just because your data has been breached before…that doesn't mean that you'd necessarily want to be involved in others,” Ray said. “And ultimately, some of that data may be different, especially if you're using unique email addresses. But it is in everyone's best interest to try to protect themselves, you know, through OPSEC and practicing good security hygiene.”

Ray said much of the problem stems from the sheer number of breaches we hear about on a weekly basis. These breaches involve our data being stolen from companies we interact with, and we usually have no control over what happens to those data.

“I think it really is driven by the fact that, just like in cybersecurity, we have something called alert fatigue,” Ray explained. “We have something called outrage fatigue, and we have something called breach fatigue, which is when you see a big announcement about DoorDash and, you know, millions and millions of people's information being leaked – or even Words with Friends…we're so numb to these massive breaches that it feels like they're almost inevitable, right? And to a certain degree, when humans feel like something is basically inevitable, there is a tendency to just assume that it's going to happen at all times and that there's nothing that can be done to mitigate the impact of it.”

There are measures you can take to mitigate the risk and effects of having your data breached. New-school security awareness training can help your employees take steps to secure their data while staying safe from threat actors who may have already compromised it. The CyberWire has the story:

Free Password Exposure Test 

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen or weak passwords. And, a new survey from Dark Reading shows 44% of organizations say users pose the greatest threat to data security!

PET-imageKnowBe4’s Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organization’s hidden exposure risk associated with your users. Here's how it works: 

  • Checks to see if any of your organization's email addresses have been part of a data breach
  • Tests against 10 types of weak password related threats associated with user accounts
  • Checks against breached or weak passwords currently in use in your Active Directory
  • Reports on the accounts affected and does not show/report on the actual passwords
  • Just download the install, run it, get results in minutes!

Identify which users may be putting your organization at risk before the bad guys do.

Download Now

Don't like to click on redirected links? Cut & Paste this link in your browser:

Subscribe To Our Blog

Weak Password Test Contest

Get the latest about social engineering

Subscribe to CyberheistNews