Comments
Will Millennials Be The Death Of Data Security?
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 9:30:24 PM
Re: Ok Millennials, defend yourselves!
@ODA155: That's a really good point, and the story reminds me of security advice I read once (and, indeed, this is something that security auditors sometimes do): Send a phishing-like email to your staff, and whoever opens it is informed that it was a fake email and they immediately have to complete security training right then and there.  This winds up leading to dramatic drops in successful phishing attempts on employees.
Teach21,
User Rank: Apprentice
1/29/2015 | 12:22:35 PM
OK, Joe
I don't think this post is ageist, Millennials ENJOY giving up their data. They are the "look at me" generation that brought you the selfie stick. The post never said that Millennials were stupid, just that they were a little "loose" with their personal information. This comes from an almost innate trust of technology. While this is fine for personal devices on personal networks, it becomes a larger issue when these data-snatching apps start getting on corporate assets.

 

Love Always, 

Old Age Gen X-er That Cuts Your Paycheck
ODA155,
User Rank: Ninja
1/29/2015 | 9:28:26 AM
Re: Ok Millennials, defend yourselves!
Hey Joe, I got the whole tongue-in-cheek thing, I thought it was funny. And Phunny you should mention phishing and who is more susceptible, from what I can tell from having to deal with it at work at least 10 times per month, there is no age requirement for stupidity (yeah I said it!).

I know this is a little off topic, but please bear with me. I'm sure that everyone here knows that there are many types of phishing scams out there, but from the perspective of my company and what we've been dealing with mostly:
  • Administrative
    • Help Desk
    • Account Deactivation
    • Password Reset
  • Financial (CEO\CFO) Money Transfer Requests
  • 419 or Nigerian Scams (if you get caught up in this you deserve to be fleeced)
  • Email Attachments

But last week we saw a different one, a message seeming to come from our accounting department, targeting other members of the accounting department (..yeah...) notifying them of their annual bonus, $7,500! And all they had to do was fill out the form and return it... like I said there is no age requirement for stupidity because 17 people got the email and only one person did not open it and I have to believe that was because she was not in the office and doesn't have a corporate mobile device. The victims spanned the generational divide so as I said there is no age requirement for stupidity.

But as far as studies or even polls (as I suggested earlier) go... ask any accountant, or crook, you can make the numbers look any way you want them to look, it just depends on what side of the argument you're on. I believe what I see, and I know that doesn't amount to nothing outside of my world, because a poll or a study is nothing more than a point to argue.

But I do have faith in these Millennials to get it right and it really doesn't matter if previous generations or old CEOs didn't make security a priority, again, they have access to so much more information and education and knowledge but as some have said earlier in other posts... I'm just an old guy who hopes that it doesn't hurt too bad before they get it.
 
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 1:21:14 AM
Re: Ok Millennials, defend yourselves!
Actually, I'm quite confident.  The one far-too-often-cited 2010 study that purports to demonstrate that those aged 18-25 were the most likely to fall for phishing attacks was fundamentally flawed because its sample was comprised entirely of Amazon Mechanical Turk users -- which tend to lean very young.  (Indeed, the *average* age of study participants was 29-30.)

Meanwhile, all kinds of studies and statistics demonstrate that fraudsters of all kinds -- online and offline -- repeatedly target (and find the most success targeting) the elderly.

In any case, my preceding comment/rant was meant to be tongue-in-cheek, and I hope/trust it was taken that way.  :)
ODA155,
User Rank: Ninja
1/28/2015 | 10:49:47 PM
Re: Ok Millennials, defend yourselves!
"Also, we don't fall for those email phishing attempts as much as you folks do."

Really Joe Stanganelli... you sure about that?
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:17:09 PM
Re: Ok Millennials, defend yourselves!
I think the recent news reports that sheriffs/police are up in arms over Waze for giving out speed trap information and violating police privacy are hilarious.
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:15:27 PM
Re: Ok Millennials, defend yourselves!
I once wrote a Tweet explaining every privacy policy ever.  twitter.com/JoeStanganelli/status/525343726877810689
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:12:07 PM
Re: Ok Millennials, defend yourselves!
Although I'm not a Millennial, I am a member of the younger side of Gen-X -- and I found the headline a bit miffing.  (You old people are the ones who need our constant hand-holding when it comes to technology!  20+ years ago, we were programming your VCRs for you!  And you still don't understand your TV remote controls as well as we do!  And we don't even watch TV!  Also, we don't fall for those email phishing attempts as much as you folks do.)

The younger generations perhaps understand data privacy better than anyone else.  The Snapchat example demonstrates not a failure to appreciate security but rather an understanding and acceptance that no system is truly 100% secure; they treat data security like the risk-reward proposition it truly is.

As for the using personal apps on corporate devices, that's been happening since long before most Millennials were even born.

It's far more productive to identify the risks presented by human nature and mitigate these risks than it is to make sweeping, ageist generalizations that will only ostracize colleagues and thereby harm collaborative security efforts.

Rant over.  (You can go back to sucking up those social security dollars that WE GAVE YOU.)
IMjustinkern,
User Rank: Strategist
1/28/2015 | 5:10:07 PM
More connected or less concerned?
Was there a generation particularly more concerned with security? Judging by the droves of leaks, breaches and attacks in the last few years, it doesn't seem so. While I agree that Millennials as a whole are more connected, I would be more worried about the typically older set who make up the executive team -- fewer devices, sure, but in contact with much more sensitive information.  These are generalities, to be certain, though I think if there were any generation to "get" security (for the first time, en masse), it'd be the one which is more connected, not less.
lunny,
User Rank: Strategist
1/28/2015 | 4:02:37 PM
Data, data everywhere...
What if data essentially becomes unprotectable?  At some point, so much is being shared, be it intentional, inadvertent, stolen and posted, or inferred (Big Data analytics).  As security professionals, do we soon run out of fingers to put in the dyke?  I don't care who has my credit card number if I am assured that no one but me can use it.

Years ago, when I was in the Air Force, we had our name, address, phone number, and social security number printed on our personal checks!  You couldn't cash a check at the base exchange without it.  But at that time, my social security number wasn't of any practical use to another person.  That's clearly changed of course.  But if we can better address the problem of who is permitted to use the data, protecting it from being known becomes less important.  That still leaves a lot of data that people would prefer to keep private, but it's something to think about.

Finding ways to better manage how data is used may be more effective than trying to keep it confidential.