Volume 13 (2022): Edition 1 (July 2022)
Journal details
License
Format: Journal
eISSN: 2067-9785
First published: 06 Mar 2017
Publication frequency: 3 times per year
Languages: English
Access type: Open access

Stress, Burnout, and Security Fatigue in Cybersecurity: A Human Factors Problem

Published online: 28 Jun 2022
Volume & Edition: Volume 13 (2022) - Edition 1 (July 2022)
Pages: 49 - 72
Received: 01 Jan 2022
Accepted: 01 Apr 2022
Abstract

Stress, burnout, and security fatigue continue as slight destroyers of strong cybersecurity and significant human factors concerns. The persistence of these human performance issues is concerning given the lack of mitigation and integration of human factors practitioners to mitigate these adverse risk circumstances. Security fatigue is not a new phenomenon, but the evolving nature of cybersecurity results in various sub-categories of security fatigue, thus making it a difficult problem to solve. Stress and burnout are major causes of short tenures in senior roles for security executives. Business decision-makers lack the expertise to explore the negative influences of stress, burnout, and security fatigue on cybersecurity. Technology-led cycles are organizations’ primary course of action to mitigate cybersecurity threats, resulting in complexity debt and making businesses more vulnerable to attacks. Human factors professionals can identify high-friction areas that degrade human performance and implement initiatives to reduce the risk. Human performance degradation in cybersecurity is a critical risk factor and requires immediate attention, given that cybercriminals continue to exploit human weaknesses to gain access to sensitive and critical infrastructure.

Keywords

