Business, News, Security

We don’t spot cyberattacks because we’re stressed and tired

Brendyn Lotz

12th August 2022

There have been many instances where we have heard from experts that the weakest link in cybersecurity is the squishy human sitting in front of their PC.

While this is usually accompanied by a call for greater investment in cybersecurity education, KnowBe4 Africa’s senior vice president of content strategy, Anna Collard has presented an additional reasoning. What if we’re all just too tired and stressed to notice these things?

“It’s easy to see how stress and overwhelm make it easy for people to make simple cybersecurity mistakes,” says Collard. “You’re tired, you’re not paying attention, you click on a link you’d normally avoid. You’re distracted and, in a rush, so you open an attachment you’d usually ignore. This is how the scammers and criminals are increasingly catching people unawares and putting both personal and business security at risk.”

While it may sound like a cop out, fatigue and stress play a large role in missing things or making mistakes. In its the Psychology of Human Error report for 2022, Tessian found that 52 percent of respondents made more mistakes while stressed and 43 percent made more mistakes when they were tired. Perhaps more concerning is that this happens most frequently among younger workers.

“Younger employees seem to be more affected by stress than their older co-workers, though. Nearly two-thirds of workers aged 18-30 years old (62%) said they make more mistakes when they are stressed, compared to 45% of workers over 51 years old,” Tessian reported.

One way to combat this is by championing employee wellness.

“Our modern lives with mobile devices, apps, email and social media constantly fighting for our attention, result in cognitive overload and multi-tasking. This in turn makes us more error prone, stressed and also more susceptible to social engineering attacks. This is one of the reasons why companies should invest into wellness and mental wellbeing for their employees,” says Collard.

More than this, the KnowBe4 Africa SVP says that cybersecurity training should be conducted when employees are at their peak performance. Conducting a training session at 16:00 on a Friday afternoon for example, is a great way to ensure nobody learns anything.

It’s an interesting perspective to take as regards cybersecurity but one that makes sense. Studies have shown that, when fatigued, brain cells can’t communicate as effectively which causes lapses in memory and poor concentration.

Stress has a similar effect and can even cause inflammation according to Harvard Health Publishing. The inflammation issue isn’t related to cybersecurity but more of an interesting aside.

For businesses then, investing in employee wellness should form part of your cybersecurity strategy. It sounds almost silly but given the data we’ve seen and knowing how poorly we work when tired, it’s something that makes sense.

With threats only becoming more sophisticated and phishing attacks becoming more personalised and targeted, perhaps it’s time we start addressing why the squishy human in front of the PC is so vulnerable to threats.

[Image – CC 0 Pixabay]

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.