How Computer Security is like a Zombie Apocalypse, and How It’s Not

If you’ve watched shows like The Walking Dead, or seen movies like 28 Days Later, you undoubtedly are aware of the prevalent tension that exists in those worlds. The survivors are under a constant threat of attack from zombies and other humans. Every day becomes more and more bleak as their defenses, patience, and mental health are slowly eroded by constant loss and sacrifice. This is not unlike the world of computer security.

A new study from the National Institute of Standards and Technology has shown that the vast majority of computer users are succumbing to what is called “Security Fatigue.” We constantly hear on the news that this company or that service was hacked, that this new virus is wreaking havoc, that this country is engaging in cyber warfare. People become tired, they let their guard down, and they make stupid mistakes. And just like in a zombie apocalypse, letting your guard down for even a moment can have disastrous consequences. We end up reusing the same passwords, or avoiding activities that force us to log in. Fatigue makes us refuse to use two-factor authentication, and stop visiting sites that have had minor breaches. We grow jaded and tired, and mistrustful of the outside world. We start to prefer to stay where we feel safe, as the scary horde of zombie-like hackers, security bugs and viruses looms outside.

Learning from Our Collective Mistakes
There is a silver lining. Companies are becoming proactive about security. They are designing products with security in mind, rather than adding it as an afterthought. A prime example of this is Windows Update. Originally, Microsoft published monthly updates, and only server administrators cared to go download them. In Windows 10 Home edition, Microsoft has changed its policy so that every machine automatically downloads updates without the need for approval. Car manufacturers are learning that adding computers to cars also means learning to treat them like computers. Apple and Google are working to take better control of the phone ecosystem so that critical software fixes take days instead of months. There are also groups of companies creating standards for Internet of Things devices so that they don’t fall victim to the issues that have plagued the first generation of those devices.

Companies are working to make sure that end users aren’t the only ones responsible for their security. This is how security is different from the zombie apocalypse. Things are getting better, and stable foundations have been set upon which new progress can be built. This doesn’t happen on TV, unless they plan to topple it all in a cliffhanger.