The Cybersecurity 202: There was another massive data breach. People will probably forget it in a week

by Posted on
A data breach that affected more than 40 million current, former and prospective T-Mobile customers is a massive cybersecurity incident that is bound to spark a public backlash.
Or, then again, maybe it will be forgotten in a week.
The proliferation of ever-larger breaches during the past decade has left the public so inured to such news that it has become increasingly less likely that a breach will make any public splash at all, no matter how big it is. It’s an effect security researchers describe as “breach fatigue.”
Put another way, 40 million would be a very big number if we were talking about people filing for unemployment, sick with a virus or displaced by a natural disaster. But when it’s people victimized by a data breach, it hardly registers.
“I think the public is already at the point of seeing tens of millions of customer accounts compromised as a non-story,” Maurice Turner, cybersecurity fellow at the German Marshall Fund’s Alliance for Securing Democracy, told me.
That breach fatigue has made it harder for any single data breach to galvanize action in Washington or state legislatures.
“The sheer volume of this latest breach … can make it difficult to appreciate the tremendous damage being done to individuals when their information is seized by hackers,” Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus, told me.
It has also made it far more difficult for cyber educators to persuade people to adopt better behavior, such as adding extra authentication procedures to access accounts and not clicking on suspicious-looking links.
“There’s a sense of learned helplessness, Lisa Plaggemier, interim executive director of the National Cybersecurity Alliance, which advocates for good cyber hygiene, told me. “There’s a sense that, ‘this is going to happen no matter what I do, so I’m not going to do anything because it’s out of my hands.’
Source: Washington Post