Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

WiIl Millennials Be The Death Of Data Security?
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 4   >   >>
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 9:30:24 PM
Re: Ok Millennials, defend yourselves!
@ODA155: That's a really good point, and the story reminds me of security advice I read once (and, indeed, this is something that security auditors sometimes do): Send a phishing-like email to your staff, and whomever opens it is informed that it was a fake email and they immediately have to complete security training right then and there.  This winds up leading to dramatic drops in successful phishing attempts on employees.
User Rank: Apprentice
1/29/2015 | 12:22:35 PM
OK, Joe
I don't think this post is ageist, Millennials ENJOY giving up their data. They are the "look at me" generation that brought you the selfie stick. The post never said that Millennials were stupid, just that they were a little "loose" with their personal information. This comes from an almost inante trust of technology. While this is fine for personal devices on personal networks, it becomes a larger issue when these data snatching apps start getting on corporate assets.


Love Always, 

Old Age Gen X-er That Cuts Your Paycheck
User Rank: Ninja
1/29/2015 | 9:28:26 AM
Re: Ok Millennials, defend yourselves!
Hey Joe, I got the whole tongue-in-cheek thing, I thought it was funny. And Phunny you should mention phishing and who is more susceptible, from what I can tell from having to deal with it at work at least 10 times per month, there is no age requirement for stupidity (yeah I said it!).

I know this a little off topic, but please bear with me. I'm sure that everyone here knows that there are many types of phishing scams out there,  but from the perspective of my company and what we've been dealing with mostly:
  • Administrative
    • Help Desk
    • Account Deactivation
    • Password Reset
  • Financial (CEO\CFO) Money Transfer Requests
  • 419 or Nigerian Scams ( if you get caught up in this you deserve to be fleeced)
  • Email Attachments

But last week we saw a different one, a message seeming to come from our accounting department, targeting other members of the accounting department (..yeah...) notifying them of their annual bonus, $7,500! And all they had to do was fill out the form and return it... like I said there is no age requirement for stupidity because 17 people got the email and only one person did not open it and I have to believe that was because she was not in the office and doesn't have a corporate mobile device. The victims spanned the generational divide so as I said there is no age requirement for stupidity.

But as far as studies or even polls (as I suggested earlier) go... ask any accountant, or crook, you can make the numbers look any way you want them to look, it just depends on what side of the argument you're on. I believe what I see, and I know that doesn't mount to nothing outside of my world, because a pool or a study is nothing more than a point to argue.

But I do have faith in these Millennials to get it right and it really doesn't matter if previous generations or old CEO's didn't make security a priority, again, they have access to so much more information and education and knowledge but as some have said earlier in other posts... I'm just an old guy who hopes that it doesn't hurt too bad before they get it.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 1:21:14 AM
Re: Ok Millennials, defend yourselves!
Actually, I'm quite confident.  The one far-too-often-cited 2010 study that purports to demonstrate that those aged 18-25 were the most likely to fall for phishing attacks was fundamentally flawed because its sample was comprised entirely of Amazon Mechanical Turk users -- which tend to lean very young.  (Indeed, the *average* age of study participants was 29-30.)

Meanwhile, all kinds of studies and statistics demonstrate that fraudsters of all kinds -- online and offline -- repeatedly target (and find the most success targeting) the elderly.

In any case, my preceding comment/rant was meant to be tongue-in-cheek, and I hope/trust it was taken that way.  :)
User Rank: Ninja
1/28/2015 | 10:49:47 PM
Re: Ok Millennials, defend yourselves!
"Also, we don't fall for those email phishing attempts as much as you folks do."

Really Joe Stanganelli... you sure about that?
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:17:09 PM
Re: Ok Millennials, defend yourselves!
I think the recent news reports that sheriffs/police are up in arms over Waze for giving out speed trap information and violating police privacy are hilarious.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:15:27 PM
Re: Ok Millennials, defend yourselves!
I once wrote a Tweet explaining every privacy policy ever.  twitter.com/JoeStanganelli/status/525343726877810689
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:12:07 PM
Re: Ok Millennials, defend yourselves!
Although I'm not a Millennial, I am a member of the younger side of Gen-X -- and I found the headline a bit miffing.  (You old people are the ones who need our constant hand-holding when it comes to technology!  20+ years ago, we were programming your VCRs for you!  And you still don't understand your TV remote controls as well as we do!  And we don't even watch TV!  Also, we don't fall for those email phishing attempts as much as you folks do.)

The younger generations perhaps understand data privacy better than anyone else.  The Snapchat example demonstrates not a failure to appreciate security but rather an understanding and acceptance that no system is truly 100% secure; they treat data security like the risk-reward proposition it truly is.

As for the using personal apps on corporate devices, that's been happening since long before most Millennials were even born.

It's far more productive to identify the risks presented by human nature and mitigate these risks than it is to make sweeping, ageist generalizations that will only ostracize colleagues and thereby harm collaborative security efforts.

Rant over.  (You can go back to sucking up those social security dollars that WE GAVE YOU.)
User Rank: Strategist
1/28/2015 | 5:10:07 PM
More connected or less concerned?
Was there a generation particularly more concerned with security? Judging by the droves of leaks, breaches and attacks in the last few years, it doesn't seem so. While I agree that Millenials as a whole are more connected, I would be more worried about the typically older set who make up the executive team -- fewer devices, sure, but in contact with much more sensitive information.  These are generalities, to be certain, though I think if there were any generation to "get" security (for the first time, en masse), it'd be the one which is more connected, not less.
User Rank: Strategist
1/28/2015 | 4:02:37 PM
Data, data everywhere...
What if data essentially becomes unprotectable?  At some point, so much is being shared, be it intentional, inadvertent, stolen and posted, or inferred (Big Data analytics).  As security professionals, do we soon run out of fingers to put in the dyke?  I don't care who has my credit card number if I am assured that no one but me can use it.

Years ago, when I was in the Air Force, we had our name, address, phone number, and social security number printed on our personal checks!  You couldn't cash a check at the base exchange without it.  But at that time, my social security number wasn't of any practical use to another person.  That's clearly changed of course.  But if we can better address the problem of who is permitted to use the data, protecting if from being known becomes less important.  That still leaves a lot of data that people would prefer to keep private, but it's something to think about.

Finding ways to better manage how data is used may be more effective than trying to keep it confidential.
<<   <   Page 2 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-02-04
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 &amp; AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition ...
PUBLISHED: 2023-02-04
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling Ap...
PUBLISHED: 2023-02-04
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
PUBLISHED: 2023-02-04
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.