Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:15 PM
Dark Reading
Dark Reading
Products and Releases

Millennial Habits Threaten Federal IT Security

As security-conscious baby boomers retire, a survey of the growing millennial workforce reveals a new generation more likely to trade caution for digital productivity.

AUSTIN, Texas, Oct. 25, 2016 -- Global cybersecurity leader Forcepoint™ today released the results of a survey identifying how members of the millennial generation use technology and revealing how these behaviors – if left unaddressed – can significantly jeopardize the security of the U.S. federal government's IT systems. The research shows quick action is needed to prevent a generational shift from upending federal agencies' current cybersecurity postures, as hundreds of thousands of baby boomers reach retirement eligibility in the next year.
Forcepoint's study details a range of attitudes and risky behaviors gathered from more than 670 survey respondents. Millennials' regular use of unprotected public Wi-Fi, sharing of passwords and a belief that cybersecurity is solely the IT department's responsibility present the most urgent security challenges for the government.
Millennial Habits
Millennials currently comprise about 25 percent of federal employees and are expected to represent nearly 75 percent of the workforce by 2025. While baby boomers are more cautious online, survey data shows that millennials (born between 1977 and 1994) are more likely to abandon caution for digital expediency. Federal cybersecurity officers today face a millennial workforce believing they are sufficiently educated and confident in security knowledge; yet the survey's data reveals many do not utilize safe behaviors when it comes to technology and the workplace. Among the alarming responses collected and examined in the survey's full results: many millennials acknowledged they use personal devices for both work and play, with nearly a quarter downloading company files and third party apps to personal devices to increase productivity without notifying IT. In addition, while millennials claim to understand and use strong passwords, they also revealed they frequently use the same password for multiple systems and apps and share them with others even after having personally experienced a breach.
Government Security Officers' Response
Placing millennials' responses in greater context, Forcepoint additionally surveyed a group of federal security officers individually interviewed on how they are adapting their cybersecurity efforts. Surveyed officials reported a wide array of observations and changes reflecting the millennial rise, including:
  • Officers say current changes primarily relate to flexible scheduling and accessing information on mobile devices; nothing new is being done specifically to address incoming millennials from a fundamental security protocol and control perspective
  • Federal organizations are largely making changes individually, agency by agency
  • These steps include re-tooling security awareness programs that emphasize secure productivity, to help employees recognize the dangerous trade-offs of circumventing policies and updating BYOD programs with tools allowing for greater visibility by monitoring applications' reach and data flows
"Beyond the security of the apps and devices employees bring to federal networks, agencies should also look at employee motivations, taking into account both productivity gains and potential security risks," said Forcepoint's Chief Strategy Officer and Federal Division President, Ed Hammersla. "The data resulting from the survey highlights important attitudes and risk factors that can help agencies adapt cybersecurity programs with millennials in mind, fully capitalizing on their creativity and energy while preventing them from becoming accidental insider threats."
About Forcepoint
Forcepoint's portfolio of products safeguards users, data and networks against the most determined adversaries, from accidental or malicious insider threats to outside attacks, across the entire threat lifecycle. Forcepoint protects data everywhere – in the cloud, on the road, in the office – simplifying compliance and enabling better decision-making and more efficient security. Forcepoint empowers organizations to concentrate on what's most important to them while automating routine security tasks. More than 20,000 organizations around the world rely on Forcepoint. Based in Austin, Texas, with worldwide sales, service, security laboratories and product development, Forcepoint is a joint venture of Raytheon Company and Vista Equity Partners. For more about Forcepoint, visit www.Forcepoint.com and follow us on Twitter at @ForcepointSec.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
PUBLISHED: 2021-01-15
Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...