Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
WiIl Millennials Be The Death Of Data Security?
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 4   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 9:30:24 PM
Re: Ok Millennials, defend yourselves!
@ODA155: That's a really good point, and the story reminds me of security advice I read once (and, indeed, this is something that security auditors sometimes do): Send a phishing-like email to your staff, and whomever opens it is informed that it was a fake email and they immediately have to complete security training right then and there.  This winds up leading to dramatic drops in successful phishing attempts on employees.
Teach21
50%
50%
Teach21,
User Rank: Apprentice
1/29/2015 | 12:22:35 PM
OK, Joe
I don't think this post is ageist, Millennials ENJOY giving up their data. They are the "look at me" generation that brought you the selfie stick. The post never said that Millennials were stupid, just that they were a little "loose" with their personal information. This comes from an almost inante trust of technology. While this is fine for personal devices on personal networks, it becomes a larger issue when these data snatching apps start getting on corporate assets.

 

Love Always, 

Old Age Gen X-er That Cuts Your Paycheck
ODA155
50%
50%
ODA155,
User Rank: Ninja
1/29/2015 | 9:28:26 AM
Re: Ok Millennials, defend yourselves!
Hey Joe, I got the whole tongue-in-cheek thing, I thought it was funny. And Phunny you should mention phishing and who is more susceptible, from what I can tell from having to deal with it at work at least 10 times per month, there is no age requirement for stupidity (yeah I said it!).

I know this a little off topic, but please bear with me. I'm sure that everyone here knows that there are many types of phishing scams out there,  but from the perspective of my company and what we've been dealing with mostly:
  • Administrative
    • Help Desk
    • Account Deactivation
    • Password Reset
  • Financial (CEO\CFO) Money Transfer Requests
  • 419 or Nigerian Scams ( if you get caught up in this you deserve to be fleeced)
  • Email Attachments

But last week we saw a different one, a message seeming to come from our accounting department, targeting other members of the accounting department (..yeah...) notifying them of their annual bonus, $7,500! And all they had to do was fill out the form and return it... like I said there is no age requirement for stupidity because 17 people got the email and only one person did not open it and I have to believe that was because she was not in the office and doesn't have a corporate mobile device. The victims spanned the generational divide so as I said there is no age requirement for stupidity.

But as far as studies or even polls (as I suggested earlier) go... ask any accountant, or crook, you can make the numbers look any way you want them to look, it just depends on what side of the argument you're on. I believe what I see, and I know that doesn't mount to nothing outside of my world, because a pool or a study is nothing more than a point to argue.

But I do have faith in these Millennials to get it right and it really doesn't matter if previous generations or old CEO's didn't make security a priority, again, they have access to so much more information and education and knowledge but as some have said earlier in other posts... I'm just an old guy who hopes that it doesn't hurt too bad before they get it.
 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 1:21:14 AM
Re: Ok Millennials, defend yourselves!
Actually, I'm quite confident.  The one far-too-often-cited 2010 study that purports to demonstrate that those aged 18-25 were the most likely to fall for phishing attacks was fundamentally flawed because its sample was comprised entirely of Amazon Mechanical Turk users -- which tend to lean very young.  (Indeed, the *average* age of study participants was 29-30.)

Meanwhile, all kinds of studies and statistics demonstrate that fraudsters of all kinds -- online and offline -- repeatedly target (and find the most success targeting) the elderly.

In any case, my preceding comment/rant was meant to be tongue-in-cheek, and I hope/trust it was taken that way.  :)
ODA155
50%
50%
ODA155,
User Rank: Ninja
1/28/2015 | 10:49:47 PM
Re: Ok Millennials, defend yourselves!
"Also, we don't fall for those email phishing attempts as much as you folks do."

Really Joe Stanganelli... you sure about that?
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:17:09 PM
Re: Ok Millennials, defend yourselves!
I think the recent news reports that sheriffs/police are up in arms over Waze for giving out speed trap information and violating police privacy are hilarious.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:15:27 PM
Re: Ok Millennials, defend yourselves!
I once wrote a Tweet explaining every privacy policy ever.  twitter.com/JoeStanganelli/status/525343726877810689
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:12:07 PM
Re: Ok Millennials, defend yourselves!
Although I'm not a Millennial, I am a member of the younger side of Gen-X -- and I found the headline a bit miffing.  (You old people are the ones who need our constant hand-holding when it comes to technology!  20+ years ago, we were programming your VCRs for you!  And you still don't understand your TV remote controls as well as we do!  And we don't even watch TV!  Also, we don't fall for those email phishing attempts as much as you folks do.)

The younger generations perhaps understand data privacy better than anyone else.  The Snapchat example demonstrates not a failure to appreciate security but rather an understanding and acceptance that no system is truly 100% secure; they treat data security like the risk-reward proposition it truly is.

As for the using personal apps on corporate devices, that's been happening since long before most Millennials were even born.

It's far more productive to identify the risks presented by human nature and mitigate these risks than it is to make sweeping, ageist generalizations that will only ostracize colleagues and thereby harm collaborative security efforts.

Rant over.  (You can go back to sucking up those social security dollars that WE GAVE YOU.)
IMjustinkern
50%
50%
IMjustinkern,
User Rank: Strategist
1/28/2015 | 5:10:07 PM
More connected or less concerned?
Was there a generation particularly more concerned with security? Judging by the droves of leaks, breaches and attacks in the last few years, it doesn't seem so. While I agree that Millenials as a whole are more connected, I would be more worried about the typically older set who make up the executive team -- fewer devices, sure, but in contact with much more sensitive information.  These are generalities, to be certain, though I think if there were any generation to "get" security (for the first time, en masse), it'd be the one which is more connected, not less.
lunny
100%
0%
lunny,
User Rank: Strategist
1/28/2015 | 4:02:37 PM
Data, data everywhere...
What if data essentially becomes unprotectable?  At some point, so much is being shared, be it intentional, inadvertent, stolen and posted, or inferred (Big Data analytics).  As security professionals, do we soon run out of fingers to put in the dyke?  I don't care who has my credit card number if I am assured that no one but me can use it.

Years ago, when I was in the Air Force, we had our name, address, phone number, and social security number printed on our personal checks!  You couldn't cash a check at the base exchange without it.  But at that time, my social security number wasn't of any practical use to another person.  That's clearly changed of course.  But if we can better address the problem of who is permitted to use the data, protecting if from being known becomes less important.  That still leaves a lot of data that people would prefer to keep private, but it's something to think about.

Finding ways to better manage how data is used may be more effective than trying to keep it confidential.
<<   <   Page 2 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-19551
PUBLISHED: 2021-09-21
Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code executiong.
CVE-2020-19553
PUBLISHED: 2021-09-21
Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php.
CVE-2021-40847
PUBLISHED: 2021-09-21
The update process of the Circle Parental Control Service on various NETGEAR routers allows remote attackers to achieve remote code execution as root via a MitM attack. While the parental controls themselves are not enabled by default on the routers, the Circle update daemon, circled, is enabled by ...
CVE-2021-41084
PUBLISHED: 2021-09-21
http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`&Atilde;&yen;), Header values (`Header.value`), Status r...
CVE-2021-23443
PUBLISHED: 2021-09-21
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.