Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
Will Millennials Be The Death Of Data Security?
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 9:30:24 PM
Re: Ok Millennials, defend yourselves!
@ODA155: That's a really good point, and the story reminds me of security advice I read once (and, indeed, this is something that security auditors sometimes do): Send a phishing-like email to your staff, and whoever opens it is informed that it was a fake email and they immediately have to complete security training right then and there. This winds up leading to dramatic drops in successful phishing attempts on employees.
Teach21,
User Rank: Apprentice
1/29/2015 | 12:22:35 PM
OK, Joe
I don't think this post is ageist, Millennials ENJOY giving up their data. They are the "look at me" generation that brought you the selfie stick. The post never said that Millennials were stupid, just that they were a little "loose" with their personal information. This comes from an almost innate trust of technology. While this is fine for personal devices on personal networks, it becomes a larger issue when these data snatching apps start getting on corporate assets.

Love Always, 

Old Age Gen X-er That Cuts Your Paycheck
ODA155,
User Rank: Ninja
1/29/2015 | 9:28:26 AM
Re: Ok Millennials, defend yourselves!
Hey Joe, I got the whole tongue-in-cheek thing, I thought it was funny. And Phunny you should mention phishing and who is more susceptible, from what I can tell from having to deal with it at work at least 10 times per month, there is no age requirement for stupidity (yeah I said it!).

I know this is a little off topic, but please bear with me. I'm sure that everyone here knows that there are many types of phishing scams out there, but from the perspective of my company and what we've been dealing with mostly:
  • Administrative
    • Help Desk
    • Account Deactivation
    • Password Reset
  • Financial (CEO\CFO) Money Transfer Requests
  • 419 or Nigerian Scams (if you get caught up in this you deserve to be fleeced)
  • Email Attachments

But last week we saw a different one, a message seeming to come from our accounting department, targeting other members of the accounting department (..yeah...) notifying them of their annual bonus, $7,500! And all they had to do was fill out the form and return it... like I said there is no age requirement for stupidity because 17 people got the email and only one person did not open it and I have to believe that was because she was not in the office and doesn't have a corporate mobile device. The victims spanned the generational divide so as I said there is no age requirement for stupidity.

But as far as studies or even polls (as I suggested earlier) go... ask any accountant, or crook, you can make the numbers look any way you want them to look, it just depends on what side of the argument you're on. I believe what I see, and I know that doesn't amount to nothing outside of my world, because a poll or a study is nothing more than a point to argue.

But I do have faith in these Millennials to get it right and it really doesn't matter if previous generations or old CEOs didn't make security a priority, again, they have access to so much more information and education and knowledge but as some have said earlier in other posts... I'm just an old guy who hopes that it doesn't hurt too bad before they get it.
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 1:21:14 AM
Re: Ok Millennials, defend yourselves!
Actually, I'm quite confident.  The one far-too-often-cited 2010 study that purports to demonstrate that those aged 18-25 were the most likely to fall for phishing attacks was fundamentally flawed because its sample was comprised entirely of Amazon Mechanical Turk users -- which tend to lean very young.  (Indeed, the *average* age of study participants was 29-30.)

Meanwhile, all kinds of studies and statistics demonstrate that fraudsters of all kinds -- online and offline -- repeatedly target (and find the most success targeting) the elderly.

In any case, my preceding comment/rant was meant to be tongue-in-cheek, and I hope/trust it was taken that way.  :)
ODA155,
User Rank: Ninja
1/28/2015 | 10:49:47 PM
Re: Ok Millennials, defend yourselves!
"Also, we don't fall for those email phishing attempts as much as you folks do."

Really Joe Stanganelli... you sure about that?
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:17:09 PM
Re: Ok Millennials, defend yourselves!
I think the recent news reports that sheriffs/police are up in arms over Waze for giving out speed trap information and violating police privacy are hilarious.
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:15:27 PM
Re: Ok Millennials, defend yourselves!
I once wrote a Tweet explaining every privacy policy ever.  twitter.com/JoeStanganelli/status/525343726877810689
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:12:07 PM
Re: Ok Millennials, defend yourselves!
Although I'm not a Millennial, I am a member of the younger side of Gen-X -- and I found the headline a bit miffing.  (You old people are the ones who need our constant hand-holding when it comes to technology!  20+ years ago, we were programming your VCRs for you!  And you still don't understand your TV remote controls as well as we do!  And we don't even watch TV!  Also, we don't fall for those email phishing attempts as much as you folks do.)

The younger generations perhaps understand data privacy better than anyone else.  The Snapchat example demonstrates not a failure to appreciate security but rather an understanding and acceptance that no system is truly 100% secure; they treat data security like the risk-reward proposition it truly is.

As for using personal apps on corporate devices, that's been happening since long before most Millennials were even born.

It's far more productive to identify the risks presented by human nature and mitigate these risks than it is to make sweeping, ageist generalizations that will only ostracize colleagues and thereby harm collaborative security efforts.

Rant over.  (You can go back to sucking up those social security dollars that WE GAVE YOU.)
IMjustinkern,
User Rank: Strategist
1/28/2015 | 5:10:07 PM
More connected or less concerned?
Was there a generation particularly more concerned with security? Judging by the droves of leaks, breaches and attacks in the last few years, it doesn't seem so. While I agree that Millennials as a whole are more connected, I would be more worried about the typically older set who make up the executive team -- fewer devices, sure, but in contact with much more sensitive information. These are generalities, to be certain, though I think if there were any generation to "get" security (for the first time, en masse), it'd be the one which is more connected, not less.
lunny,
User Rank: Strategist
1/28/2015 | 4:02:37 PM
Data, data everywhere...
What if data essentially becomes unprotectable?  At some point, so much is being shared, be it intentional, inadvertent, stolen and posted, or inferred (Big Data analytics).  As security professionals, do we soon run out of fingers to put in the dyke?  I don't care who has my credit card number if I am assured that no one but me can use it.

Years ago, when I was in the Air Force, we had our name, address, phone number, and social security number printed on our personal checks! You couldn't cash a check at the base exchange without it. But at that time, my social security number wasn't of any practical use to another person. That's clearly changed of course. But if we can better address the problem of who is permitted to use the data, protecting it from being known becomes less important. That still leaves a lot of data that people would prefer to keep private, but it's something to think about.

Finding ways to better manage how data is used may be more effective than trying to keep it confidential.