Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

WiIl Millennials Be The Death Of Data Security?
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 4   >   >>
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 9:30:24 PM
Re: Ok Millennials, defend yourselves!
@ODA155: That's a really good point, and the story reminds me of security advice I read once (and, indeed, this is something that security auditors sometimes do): Send a phishing-like email to your staff, and whomever opens it is informed that it was a fake email and they immediately have to complete security training right then and there.  This winds up leading to dramatic drops in successful phishing attempts on employees.
User Rank: Apprentice
1/29/2015 | 12:22:35 PM
OK, Joe
I don't think this post is ageist, Millennials ENJOY giving up their data. They are the "look at me" generation that brought you the selfie stick. The post never said that Millennials were stupid, just that they were a little "loose" with their personal information. This comes from an almost inante trust of technology. While this is fine for personal devices on personal networks, it becomes a larger issue when these data snatching apps start getting on corporate assets.


Love Always, 

Old Age Gen X-er That Cuts Your Paycheck
User Rank: Ninja
1/29/2015 | 9:28:26 AM
Re: Ok Millennials, defend yourselves!
Hey Joe, I got the whole tongue-in-cheek thing, I thought it was funny. And Phunny you should mention phishing and who is more susceptible, from what I can tell from having to deal with it at work at least 10 times per month, there is no age requirement for stupidity (yeah I said it!).

I know this a little off topic, but please bear with me. I'm sure that everyone here knows that there are many types of phishing scams out there,  but from the perspective of my company and what we've been dealing with mostly:
  • Administrative
    • Help Desk
    • Account Deactivation
    • Password Reset
  • Financial (CEO\CFO) Money Transfer Requests
  • 419 or Nigerian Scams ( if you get caught up in this you deserve to be fleeced)
  • Email Attachments

But last week we saw a different one, a message seeming to come from our accounting department, targeting other members of the accounting department (..yeah...) notifying them of their annual bonus, $7,500! And all they had to do was fill out the form and return it... like I said there is no age requirement for stupidity because 17 people got the email and only one person did not open it and I have to believe that was because she was not in the office and doesn't have a corporate mobile device. The victims spanned the generational divide so as I said there is no age requirement for stupidity.

But as far as studies or even polls (as I suggested earlier) go... ask any accountant, or crook, you can make the numbers look any way you want them to look, it just depends on what side of the argument you're on. I believe what I see, and I know that doesn't mount to nothing outside of my world, because a pool or a study is nothing more than a point to argue.

But I do have faith in these Millennials to get it right and it really doesn't matter if previous generations or old CEO's didn't make security a priority, again, they have access to so much more information and education and knowledge but as some have said earlier in other posts... I'm just an old guy who hopes that it doesn't hurt too bad before they get it.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/29/2015 | 1:21:14 AM
Re: Ok Millennials, defend yourselves!
Actually, I'm quite confident.  The one far-too-often-cited 2010 study that purports to demonstrate that those aged 18-25 were the most likely to fall for phishing attacks was fundamentally flawed because its sample was comprised entirely of Amazon Mechanical Turk users -- which tend to lean very young.  (Indeed, the *average* age of study participants was 29-30.)

Meanwhile, all kinds of studies and statistics demonstrate that fraudsters of all kinds -- online and offline -- repeatedly target (and find the most success targeting) the elderly.

In any case, my preceding comment/rant was meant to be tongue-in-cheek, and I hope/trust it was taken that way.  :)
User Rank: Ninja
1/28/2015 | 10:49:47 PM
Re: Ok Millennials, defend yourselves!
"Also, we don't fall for those email phishing attempts as much as you folks do."

Really Joe Stanganelli... you sure about that?
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:17:09 PM
Re: Ok Millennials, defend yourselves!
I think the recent news reports that sheriffs/police are up in arms over Waze for giving out speed trap information and violating police privacy are hilarious.
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:15:27 PM
Re: Ok Millennials, defend yourselves!
I once wrote a Tweet explaining every privacy policy ever.  twitter.com/JoeStanganelli/status/525343726877810689
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
1/28/2015 | 10:12:07 PM
Re: Ok Millennials, defend yourselves!
Although I'm not a Millennial, I am a member of the younger side of Gen-X -- and I found the headline a bit miffing.  (You old people are the ones who need our constant hand-holding when it comes to technology!  20+ years ago, we were programming your VCRs for you!  And you still don't understand your TV remote controls as well as we do!  And we don't even watch TV!  Also, we don't fall for those email phishing attempts as much as you folks do.)

The younger generations perhaps understand data privacy better than anyone else.  The Snapchat example demonstrates not a failure to appreciate security but rather an understanding and acceptance that no system is truly 100% secure; they treat data security like the risk-reward proposition it truly is.

As for the using personal apps on corporate devices, that's been happening since long before most Millennials were even born.

It's far more productive to identify the risks presented by human nature and mitigate these risks than it is to make sweeping, ageist generalizations that will only ostracize colleagues and thereby harm collaborative security efforts.

Rant over.  (You can go back to sucking up those social security dollars that WE GAVE YOU.)
User Rank: Strategist
1/28/2015 | 5:10:07 PM
More connected or less concerned?
Was there a generation particularly more concerned with security? Judging by the droves of leaks, breaches and attacks in the last few years, it doesn't seem so. While I agree that Millenials as a whole are more connected, I would be more worried about the typically older set who make up the executive team -- fewer devices, sure, but in contact with much more sensitive information.  These are generalities, to be certain, though I think if there were any generation to "get" security (for the first time, en masse), it'd be the one which is more connected, not less.
User Rank: Strategist
1/28/2015 | 4:02:37 PM
Data, data everywhere...
What if data essentially becomes unprotectable?  At some point, so much is being shared, be it intentional, inadvertent, stolen and posted, or inferred (Big Data analytics).  As security professionals, do we soon run out of fingers to put in the dyke?  I don't care who has my credit card number if I am assured that no one but me can use it.

Years ago, when I was in the Air Force, we had our name, address, phone number, and social security number printed on our personal checks!  You couldn't cash a check at the base exchange without it.  But at that time, my social security number wasn't of any practical use to another person.  That's clearly changed of course.  But if we can better address the problem of who is permitted to use the data, protecting if from being known becomes less important.  That still leaves a lot of data that people would prefer to keep private, but it's something to think about.

Finding ways to better manage how data is used may be more effective than trying to keep it confidential.
<<   <   Page 2 / 4   >   >>

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.