?
editor ’ s question ear fatigue is very
F similar to ‘ warning fatigue ’, that is , the ambivalence associated with the constant barrage of warnings which users encounter in apps , websites and operating systems . And not only in IT systems but think of the warning signs you see all over California , informing you that everything causes cancer .
Hence users can ’ t tell what is a real threat and what is just satisfying the letter of the law . Since IT warnings are so common , users tend to ‘ clickthru ’ without reading the message , potentially causing substantial harm . In a similar fashion , users are tired of hearing about the threats to their personal computer security and may be ignoring actual threats .
However , these warnings are important for effectively mitigating attacks . The challenge is false alarms do happen and over time even information security pros can become desensitised to the alerts .
A key challenge facing enterprises is finding the right balance between false alarms and not enough alerts . If alerts are being ignored , filtered or missed , this represents a huge failure . triggers to more appropriate values or addressing problems on a single system can greatly improve the quality and validity of alerts .
Including context for users to help determine the importance of an event can also help address warning fatigue . Single events by themselves can seem innocuous but included in the context of other events can be deemed significant .
But at the end of the day , the best remedy is user education , which can take many forms . But instead of drilling users with rules which tend to go in one ear and out the other , a different approach should be considered .
Fun videos with actors using a ‘ soap opera ’ like story to convey the message which engages users , could be more useful and provide optimal results . The viewing of such stories could be staggered , similar to a TV series which keeps users interested and in suspense of what ’ s coming . At the same time , these stories convey valuable lessons in cybersecurity , making learning fun , engaging and something they can talk about with their colleagues .
One way to combat this is for information security teams to identify the events that cause the alarms to trigger in the first place . By simply tuning the event
If alerts are being ignored , filtered or missed , this represents a huge failure .
DEAN COCLIN , SENIOR DIRECTOR OF BUSINESS DEVELOPMENT AT DIGICERT
There are several companies that offer such educational products and it ’ s incumbent upon IT to join with HR to ensure employees undertake the training and complete a short quiz . Results could be posted on a leader board , with prizes awarded to top rankings , creating a corporate competition to exhibit pride in employee results . www . intelligentciso . com
29