Recognizing (and Overcoming) the Problem of Breach Fatigue
Authored by: Tony Cole, CTO

The idea of “breach fatigue” is relatively new, but the phenomenon it represents is well known. Simply put, if you start to hear too much about any one thing, eventually, you’ll start to tune it out. See a lot of political coverage? You might have election fatigue. Watch a lot of ESPN? You might have Tom Brady fatigue. Hear about a lot of cyberattacks? Congratulations—you might have breach fatigue.
At this point, just about everyone has been the victim of a breach. Retailers, mobile providers, and even credit monitoring services have suffered high-profile breaches over the past several years, with millions of everyday citizens caught up in each one. By now, hearing about a major breach isn’t likely to make anyone panic. It’s more likely to make them shrug their shoulders and say, “looks like I’m about to get two more years of free credit monitoring.”
Something needs to change. People ranging from IT experts to entry-level employees are tired of hearing about breaches, but they aren’t going away anytime soon. If anything, breaches are becoming more serious as time goes on. And while we may not be able to end breach fatigue, we can at least double down on cyber literacy, ensuring that both individuals and organizations have the information—and tools—they need to recognize potential danger signs.
Responsible Breach Coverage
The stories that will interest the greatest number of people naturally receive the most coverage, which is why massive breaches like SolarWinds and Colonial Pipeline made quite a few headlines during the first half of the year. But the stories with the broadest appeal are not always the most deserving of coverage, and breach fatigue can impact the media as much as individuals.
Consider the amount of coverage that the Oldsmar, FL water system attack received. At the time, the idea that cybercriminals could target local critical infrastructure was novel to many people and was covered extensively. Contrast this with the almost nonexistent coverage of the August ransomware attack on two Maine sewage treatment facilities, which are also critical infrastructure. These attacks are as concerning as the Oldsmar attack but received a fraction of the coverage. It’s old news—background noise—and people just aren’t interested.
In general, media coverage tends to be reactive, while cybersecurity needs to be proactive. That means that the right people and groups need to think about attacks before they happen, not after. Organizations ranging from local municipalities to major energy providers need to understand that what happened in Florida and Maine can happen to them, too. And infrastructure isn’t the only industry under siege: cybercriminals are attacking organizations in every industry each day. With that in mind, it’s easy to see why people suffer from breach fatigue—but it’s also easy to see why it’s dangerous.
Adopting an Assumption of Breach Mentality
One way organizations can protect themselves is by adopting an “assumption of breach” mentality, operating as if attackers have already breached their network. They can protect themselves accordingly with in-network defenses, identity protection tools, and other resources designed to protect against intruders already present within the system. Adopting this mentality turns breach fatigue on its head. The overwhelming number of breaches might make it tempting for employees to throw their hands up in despair, but they can instead learn that it is precisely this high volume of attacks that makes prevention efforts so critical. If someone is in your network, why choose to make life easy for them?
Even some cybersecurity experts have grown tired of constantly hearing about breaches. Still, they need to avoid the pitfall of breach fatigue and instead channel that frustration into an assumption of breach posture. Defenders who give in to despair over the inevitability of breaches may as well hand attackers the keys to the castle. Experts agree that even though it is impossible to stop 100% of attacks, the smartest approach is often simply to make the attacker’s job as difficult as possible. Those who rise to the challenge and look for ways to trip up attackers who have bypassed perimeter or existing endpoint defenses can often limit the impact of these attacks—or stop them altogether.
Stopping Attackers Requires Proactive Measures
Attackers have shown that they will continue to evolve, shifting their attack tactics, modifying how they break into a given environment, and adjusting how they operate once inside the network to minimize risk of detection. This constant evolution contributes substantially to their continued success, as defenders must commit to staying one step ahead of each new development. This battle between attackers and defenders will continue forever, but succumbing to breach fatigue is a surefire way to hand attackers a significant advantage.
Combating breach fatigue will require a commitment to stronger education and skills training, ensuring that individuals and their employers across the country can improve their cyber literacy. Organizations can start by ensuring that they have the right tools to help prevent breaches. Solutions that provide visibility into potential exposures or more robust identity security can help demonstrate to employees that attackers can be stopped and that their own efforts are not in vain. Assuming that a breach has already occurred doesn’t mean giving up. With the right mentality, it can be a necessary first step toward a more effective cybersecurity posture.