When it comes to staying safe and secure in our digital worlds, sometimes it can feel like giving up is the only choice. This idea of "security nihilism" isn't new. Security teams have always faced incredibly challenging problems while trying to enable safe and trustworthy experiences across all the technology we use. It can be a difficult trap to overcome for security practitioners, but it's even more dangerous when employees start to feel it. Security nihilism creates new and worsens existing problems that put a company's data and the employees who are stewards of that data at risk.
Unfortunately, security and IT teams can inadvertently cause a sense of security nihilism. Some enterprise security tactics, while well-intentioned, can end up pitting IT and security teams against the employees they're trying to protect. Strategies that rely on scare tactics, that shame employees for making mistakes, or that overwhelm employees with information can lead to frustration and a lack of engagement. Worse, they can cause people to just give up. If breaches seem to be inevitable and getting security right is so difficult and burdensome for employees, why bother?
Security teams must take accountability for keeping employees engaged. It's time to shift the message to empower employees and create a culture where everyone is on the same side. Here are three steps toward that goal.
1. End "Gotcha"-Style Tactics That Shame Employee MistakesBlaming or shaming employees who make mistakes is counterproductive and can lead to security nihilism. Employees can get discouraged and give up, or they won't tell security teams when they receive a phishing email or click on a malicious link. Employees are not part of the problem; they're part of the solution. Security teams can't respond to a threat or a breach if they don't know about it, which means employees are important allies in safeguarding company data.
"Gotcha"-style phishing tests are a good example of this problem. One such test involves emailing all of a company's employees with information about a holiday bonus. The people who click the link are "punished" with more cybersecurity training. Tactics like this create an adversarial dynamic instead of uniting employees, security teams, and IT teams under a shared goal of keeping the company secure. Accountability must shift from employees to security teams. It's unreasonable to expect every employee to be a security expert while trying to do their jobs. The narrative needs to change from blaming employees to asking why they were in a position to make a mistake in the first place.
2. Use Positive Incentives to Combat Security FatigueRewards are far more effective than punishment. Positive incentives can help combat security nihilism, keep employees engaged, and cement a partnership mindset between security teams and employees.
Examples of this can be seen on the consumer security side and have worked well. Epic Games rewards users who enable two-factor authentication on their accounts by giving them new emotes (a dance move or other action you can take in the game Fortnite) and items for their characters. The company recognizes that it has a responsibility and an opportunity to combat end-user security fatigue and add some fun to consumer cybersecurity, which is often negative or overwhelming.
Positive incentives can be provided when employees spot a suspicious email, complete a training, update their password, or admit to a mistake such as sending sensitive data to the wrong person. Organizations don't have to commit a lot of resources to this; recognition and stickers go a long way.
3. Take the FUD Out of Security Awareness TrainingSecurity awareness training has gained a reputation for being boring and irrelevant. It's tempting to use fear, uncertainty, and doubt (FUD) to get employees to pay attention, but a more effective approach involves individualized training that celebrates security wins.
Rather than quarterly, check-the-box training for the entire company, training should be tailored to smaller groups or individuals using relevant, contextualized scenarios. For example, the training for a new remote employee on the sales team could use real-world phishing techniques that commonly target that type of employee. The focus should be on what an individual employee needs to accomplish to detect and prevent security threats and practice safe behavior.
This kind of training also should share and celebrate accomplishments, such as when an employee flags a suspicious request. Highlighting wins and successful outcomes in the face of security risks reinforces the engagement and behavior from employees that are critical for company-wide success.
Security Doesn't Have to Be Scary One of the major roadblocks to protecting company data is security's association with punishment, fear, and difficulty. People tend to ignore or avoid things that are hard and scary, or they simply shrug their shoulders and say, "Who cares?" This nihilistic mindset must be addressed, and it's up to security teams to counteract it.
A better way forward involves creating an environment where employees can do their work while avoiding security risks. Bring them into the fold by rewarding wins, taking the shame out of mistakes, and creating training that celebrates employees as crucial to safeguarding an organization.
Read more:
Security Nihilism Is Putting Your Company and Its Employees at Risk - DARKReading
- Voices: Working-class men like Steve Wright don't go to the doctor and that's exactly the problem... - Yahoo News UK - February 16th, 2024 [February 16th, 2024]
- "Superman Defeats Nihilism": Grant Morrison Loved an Obscure Alan Moore Story So Much They Almost Remixed It - Screen Rant - February 16th, 2024 [February 16th, 2024]
- The rise of stay-at-home girlfriends - UnHerd - November 26th, 2023 [November 26th, 2023]
- 'Fargo' Recap, Season 5, Episode 2: Trials and Tribulations - Vulture - November 26th, 2023 [November 26th, 2023]
- What's the matter with Russia? - The Hub - November 26th, 2023 [November 26th, 2023]
- The Killer: The unintentional comedy of the year? - EL PAS USA - November 26th, 2023 [November 26th, 2023]
- Eli Roth's Thanksgiving Keeps A Disappointing 2023 Slasher Trend ... - Screen Rant - November 26th, 2023 [November 26th, 2023]
- Bobby McDonagh: The Rule of Law matters more than ever when ... - TheJournal.ie - November 26th, 2023 [November 26th, 2023]
- A 2023 gift guide: 10 ideas for the music lover in your life - 25 News KXXV and KRHD - November 26th, 2023 [November 26th, 2023]
- Ten Great Sci-fi TV Shows that Promote Reason and Individualism - The Objective Standard - November 26th, 2023 [November 26th, 2023]
- Jonathan Sacks: Are Science and Religion Enemies? - The Collector - November 26th, 2023 [November 26th, 2023]
- An open letter to all of my progressive friends - New York Daily News - November 26th, 2023 [November 26th, 2023]
- The Two Tragedies of November 22nd - The American Conservative - November 26th, 2023 [November 26th, 2023]
- Speculating on the ceasefire moment in Gaza - rabble.ca - November 26th, 2023 [November 26th, 2023]
- In Defense of Stigma - The Stream - November 26th, 2023 [November 26th, 2023]
- Pro-lockdown obsessives still long to be told what to do - Yahoo Eurosport UK - November 26th, 2023 [November 26th, 2023]
- 8 signs you're a mentally strong person (even if you don't think so) - Hack Spirit - November 26th, 2023 [November 26th, 2023]
- Trump Gets Fined in Court but Wins in the House - The New Yorker - October 29th, 2023 [October 29th, 2023]
- The challenges to democracy [letter] | Letters To The Editor ... - LNP | LancasterOnline - October 29th, 2023 [October 29th, 2023]
- Standing against the insidious spread of euthanasia | News, Sports ... - The Daily Times - October 29th, 2023 [October 29th, 2023]
- A large chunk of Republicans are quite set on voting for the face ... - Daily Kos - October 29th, 2023 [October 29th, 2023]
- Israel's civic strength in response to the Hamas attacks should stiffen ... - The Hub - October 29th, 2023 [October 29th, 2023]
- No Time to Go Wobbly on Russia - Center for European Policy Analysis - October 29th, 2023 [October 29th, 2023]
- Blinken to Security Council: Where's the revulsion over Hamas attacks - The Times of Israel - October 29th, 2023 [October 29th, 2023]
- Opinion | In Israel and Gaza, Searching for Humanity - The New York Times - October 29th, 2023 [October 29th, 2023]
- Donald Trump to testify in NY AG Case - Daily Kos - October 29th, 2023 [October 29th, 2023]
- Thom Nickels: Demonic nihilism? It's not just on the streets. - Broad + Liberty - August 18th, 2023 [August 18th, 2023]
- Reflections on the Revolution in America | Pavlos Leonidas ... - First Things - August 18th, 2023 [August 18th, 2023]
- Why It's Always Raining In The Movie Se7en: David Fincher's ... - Screen Rant - August 18th, 2023 [August 18th, 2023]
- Poetic Time In The Age Of Acceleration - Noema Magazine - August 18th, 2023 [August 18th, 2023]
- Review: Zilched releases her best work yet in 'Earthly Delights' - WDET - August 18th, 2023 [August 18th, 2023]
- Phoebe Bridgers thinks we confuse sadness with intelligence: Listen ... - Audacy - August 18th, 2023 [August 18th, 2023]
- Called to be a man in Christ, not a Nietzschean superman - Catholic World Report - August 18th, 2023 [August 18th, 2023]
- Why The Last Voyage of the Demeter Sank at the Box Office - MovieWeb - August 18th, 2023 [August 18th, 2023]
- Forget GTA 6 and Red Dead Redemption, I want Manhunt 3 - PCGamesN - August 18th, 2023 [August 18th, 2023]
- Gabriel Krauze: raw writing from the streets of London - RNZ - August 18th, 2023 [August 18th, 2023]
- The Ideal Man According to 7 Different Philosophers - Art of Manliness - August 18th, 2023 [August 18th, 2023]
- Review: In How to Blow Up a Pipeline, nihilism is optimism - Detroit Metro Times - April 29th, 2023 [April 29th, 2023]
- Beaten To Death Review: Disturbing Australian Horror Lives Up To Its Title [Panic Fest 2023] - Dread Central - April 29th, 2023 [April 29th, 2023]
- David Brooks: Joe Biden and the 'battle for the soul of America' l - Baltimore Sun - April 29th, 2023 [April 29th, 2023]
- Ram Jams: Fall Out Boy, New Album and Era - Fordham Observer - April 29th, 2023 [April 29th, 2023]
- Tucker Carlson Is the Emblem of GOP Cynicism - The Atlantic - April 29th, 2023 [April 29th, 2023]
- One Night in Washington, D.C., With George Santos - The Intercept - April 29th, 2023 [April 29th, 2023]
- Reddit study finds interesting facts about typical Blue Jays fans - Jays Journal - April 29th, 2023 [April 29th, 2023]
- Yale Professor Breaks Down Years of Violent Conflict Between ... - The Greyhound - April 29th, 2023 [April 29th, 2023]
- Nietzsche, Friedrich | Internet Encyclopedia of Philosophy - January 6th, 2023 [January 6th, 2023]
- 30 Religious Terms You Should Know - Daily Writing Tips - January 6th, 2023 [January 6th, 2023]
- The Difference Between Existentialism, Nihilism, and Absurdism - January 6th, 2023 [January 6th, 2023]
- Philosophical skepticism - Wikipedia - January 4th, 2023 [January 4th, 2023]
- Simon Critchley - Wikipedia - January 4th, 2023 [January 4th, 2023]
- 'World is Crumbling. An Email Doesn't Matter': 2022 Was the Year of Nihilism. How Do We Move On? - News18 - December 23rd, 2022 [December 23rd, 2022]
- Moscow accuses West of legal nihilism RT Russia & Former Soviet Union - December 12th, 2022 [December 12th, 2022]
- Wordsworths Challenge to Darwinian Nihilism | Evolution News - December 12th, 2022 [December 12th, 2022]
- I Fear My Pain Interests You by Stephanie LaCava review numb nihilism ... - November 19th, 2022 [November 19th, 2022]
- Editorial: In the Face of Climate Nihilism, What Can One Do to Not Lose All Hope? | Opinions - The Link - October 8th, 2022 [October 8th, 2022]
- Cardinal Mller Reasserts the Dangers of Nihilism The European Conservative - The European Conservative - October 8th, 2022 [October 8th, 2022]
- The Midnight Club Is a Teen Horror Show Thats Actually Scary: TV Review - Yahoo Entertainment - October 8th, 2022 [October 8th, 2022]
- Hiltzik: GOP cruelty counts on the humanity of others - Los Angeles Times - October 8th, 2022 [October 8th, 2022]
- Screen Grabs: A revisionist Western that still shines bright - 48 hills - 48 Hills - October 8th, 2022 [October 8th, 2022]
- Russian Roulette: How Ukraine Can Win the Game (Part 1) - Kyiv Post - October 8th, 2022 [October 8th, 2022]
- What 20 Years of Putin's Own Words Tell Us About Russia's Subversion of International Law - JURIST - October 8th, 2022 [October 8th, 2022]
- 'Triangle of Sadness' Review: Hazardous Levels of Smug - Vulture - October 8th, 2022 [October 8th, 2022]
- In China, Only the Party Tells History - Foreign Policy - September 29th, 2022 [September 29th, 2022]
- The Infinite Nihilistic Jest of Brian Ennals and Infinity Knives - Yahoo Entertainment - September 29th, 2022 [September 29th, 2022]
- No Laughing Matter: Bodies Bodies Bodies Is Too Cynical to Be Much Fun - Erie Reader - September 29th, 2022 [September 29th, 2022]
- Oliver Jeffers Gets Perspective With Meanwhile Back on Earth - TIME - September 29th, 2022 [September 29th, 2022]
- Talkin' About My Generation: How Boomers Became Deaf, Dumb, and Blind To The Inspiration and Innovation of Rock and Roll - MetalTalk - September 29th, 2022 [September 29th, 2022]
- 'Cult of the Lamb' and the bleating heart of nihilism - Catholic News Service - September 22nd, 2022 [September 22nd, 2022]
- The Infinite Nihilistic Jest of Brian Ennals and Infinity Knives - Spin - September 22nd, 2022 [September 22nd, 2022]
- This cosmic horror game will force you to trust characters to survive - Polygon - September 22nd, 2022 [September 22nd, 2022]
- Belief in God can help us find a purpose in life that we are currently lacking - David J Nixon - The Scotsman - September 22nd, 2022 [September 22nd, 2022]
- "Date Night" by White Lung - Northern Transmissions - September 22nd, 2022 [September 22nd, 2022]
- Lyrically Speaking: What is Bob Dylans All Along the Watchtower actually about? - Far Out Magazine - September 22nd, 2022 [September 22nd, 2022]
- Pinocchio (2022): Disney wished on another wrong star - Campus Times - September 22nd, 2022 [September 22nd, 2022]
- The Complicated Legacy Of 'Rick And Morty' - The Federalist - September 22nd, 2022 [September 22nd, 2022]
- "Soul and Things" - Baltimore Beat - September 22nd, 2022 [September 22nd, 2022]
- Ukraine Holds the Future: The War Between Democracy and Nihilism - Foreign Affairs Magazine - September 11th, 2022 [September 11th, 2022]
- Hedgerow Theatre Company Dives Into The Darkness With Martin McDonagh's THE PILLOWMAN, October 5-31 - Broadway World - September 11th, 2022 [September 11th, 2022]
- The skate punk brats of the '90s are back to ruin our lives again - Cult MTL - September 11th, 2022 [September 11th, 2022]
- Kurt Russell's Best Movie Was A Critical And Box Office Disaster - Giant Freakin Robot - September 11th, 2022 [September 11th, 2022]