Here are a few of the big latest data breaches: Marriot Hotels Group (has been going on for four years, too), Quora, Google+ (a second breach). Millions upon millions accounts have been affected. And to be honest, it’s kind of a slow news day.

A lot of big names got compromised in 2018. Facebook, MyHeritage, T-mobile, Saks and Lord & Taylor, Timehop, Ticketfly, MyFitnessPal… Breaches that don’t affect millions of users have started to seem small. has released an article on 21 of the biggest data breaches this year — and it doesn’t even begin to cover all of it.

All these data breaches mentioned above have affected anywhere from a few million to hundreds of millions of users. That means some people have been hit quite a few times — and you probably have used at least a few of these services yourself.

To be honest, it’s starting to be difficult to comprehend the scope of it. Plus, if you’re going to get your data compromised anyway, is it really worth trying to step up and improve your security? If you’ve had these thoughts, you’re far from being alone. Online security fatigue is a new, real, and dangerous phenomena.

What Is Online Security Fatigue?

Ever felt overwhelmed about having to keep up with the newest security trend? Feel like you’re being bombarded with the news of this and that data breach happening, and what to do in the aftermath? Found yourself simply not caring anymore?

Welcome to the club. A study focusing on these exact things came to this conclusion:

Although fatigue was not directly part of the interview protocol, more than half of the participants alluded to fatigue in their interviews. Participants expressed a sense of resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue. The authors found that the security fatigue users experience contributes to their cost-benefit analyses in how to incorporate security practices and reinforces their ideas of lack of benefit for following security advice.

Basically, a lot of the participants in the study feel like upping their online security is difficult, and doesn’t help very much anyway, so why do it at all? Unfortunately — and you probably knew I was going to say this — such ideas are dangerous.

Most of the people who have security fatigue come to at least one of these conclusions:

  • Cybercriminals won’t target me personally, because I have nothing of value;
  • Security is not my responsibility and someone else will protect me;
  • There’s nothing I can do to make a difference.

It might be easy for you to see why these ideas aren’t necessarily true, but if you struggle to agree with me, let’s go over each of those.

I Don’t Have Anything Cybercriminals Would Want to Steal

After the Cambridge-Analytica scandal, where Facebook was used to influence the election of Donald Trump, we’ve all received a healthy dose of reality. Cybercriminals aren’t always after your credit card, and you’re not safe merely because it’s always in the red.

Your data is valuable. In data breaches where millions upon millions are affected, it’s easy to feel like you weren’t targeted personally. Well, the hackers may not specifically try to hack John or Jane Smith, but guess what — if your data does get leaked, you may very well suffer some pretty personal consequences.

Yes, most of the attacks are aggregated. No, the hacker probably didn’t pick you out by the name. But that really, really doesn’t matter. What matters is that if 100,000 debit cards get leaked and they’re all emptied out, you’re going to be short $500. Which is why you should always take it personally.

Someone Else Will Protect Me, a.k.a. NotMyJob™

Honestly, NotMyJob™ attitude is really one of the worst things that you can do, ever. Am I exaggerating? Let’s put it that way: what if everyone cared about things? Would that make the world a better place? Probably.

When it comes to anything that’s difficult to fully comprehend and seems kind of scary and unrelatable, we kinda want to run to mommy. Honestly, that’s an okay thing to feel. But if you actually do it, then you’re just pushing the NotMyJob™ agenda a step further.

And when it comes to security, the truth is this: you can’t be helped if you don’t help yourself. For example, your job may have the best security admin possible, but if you do something extra stupid they didn’t think to account for, they will not be able to protect you. Let’s make their job easier by doing ours.

Everything Is Going to Hell Anyway

This is the most dangerous conclusion you can come to. It’s basically good old nihilism with a dash of depression and a sprinkling of what’s the point. Being good about security might seem cumbersome, and if it also seems pointless, then it’s an easy answer: just don’t do it.

This is also the conclusion that cybercriminals want you to come to. Why? Believe it or not, but it actually makes their job much easier. If you use difficult passwords, they’re harder to brute-force. If you use 2FA (two-factor authentication), then it’s another headache.

If you don’t reuse your password, they don’t get into all of your accounts at once. If you don’t succumb to a phishing attack, they’re out of the easiest way to get to your information. The list goes on. I’m not going to lie: there’s no 100{6feaf74659bb228ac71d4b44630a8d52e718e4127a7f4337598235e19f63e205}, idiot-proof way to protect yourself. But there are quite a few simple ways to make the hackers’ job pretty damn difficult. And that’s a nice thought, isn’t it?

5 Easy Ways to Improve Your Security

When I say easy, I mean it.

  1. Get a password manager. No more easy passwords, no more passwords you reuse, and you only need to remember ONE password.
  2. Educate yourself on phishing attacks. They’re really not that sophisticated, and it’s not difficult to avoid them — as long as you know what they tend to look like.
  3. Update your software. Yes, it’s annoying. It’s also really easy and it actually lets cybersecurity professionals take care of your security.
  4. Use two-factor authentication. It’s a small extra step for you and a more difficult job for the hacker, so at least do it on your important accounts.
  5. Don’t share anything sensitive online, ever. This is a common-sense technique that seems to go out of style along with the acceptance of the online in our daily lives. If you post anything online, make sure it’s nothing that can be used against you: like your password hint, anything that can be tied to your identity, basically, nothing you would tell a stranger. Here’s a handy list to start with.

At the end of the day, I know you’re not going to become diligent about cybersecurity. You know it, too. But you can stop being the weak link, and all it takes is to care and to not be a total nihilist. Security fatigue is a real thing, and it’s also a thing you can beat if you educate yourself and stop believing it’s out of your control — because you can always do something about it.

At ROKKEX, we take security extremely seriously and our crypto exchange is built on ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise.

If you have any ideas and suggestions, contact us at

Website . LinkedIn . Facebook . Twitter . Telegram . Reddit . Instagram 

Leave a Reply