BreachExchange mailing list archives
Are younger generations suffering from security fatigue?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 14 Aug 2014 19:07:15 -0600
http://www.information-age.com/technology/security/123458367/are-younger-generations-suffering-security-fatigue

It seems barely a week goes past at the moment without some kind of security scare. We’ve had major breaches hit the media in recent months from big businesses like eBay, and US retailer Target.

Each time we are told all the usual, sensible, security advice. Use complex passwords, change them often, don’t use the same one for multiple services, don’t share them with anyone else.

These are all messages that those that have grown up in the age of internet are very used to hearing. However, it would seem that they are not paying heed. At least while they’re at work.

IS Decisions’ recent research report ‘From Brutus to Snowden: a study of insider threat personas’ looks at the views, attitudes and behaviours of 2,000 desk-based workers in the UK and US. It dissects how they differ across demographics, industries and job roles.

By far the biggest differentiator found was age, with younger generations time and time again appearing to have worse attitudes and behaviour towards security than their seniors.

The trends show that young people share passwords much more often, are more likely to have been involved in an internal security breach and are considerably more likely to access data from an ex-employer after they’ve left a job.

What could be the reasons?

Now, there could be a number of reasons for these differences. The most common reason cited for anyone sharing work-related passwords was ‘my boss asked’. Now naturally, a younger person is more likely to be junior in their company, and therefore have a boss request their password (very bad form of the boss, by the way).

Staff turnover tends to be much higher for younger generations, as they find their career paths and make life choices. And if you’re more likely to have left a job relatively recently, you are more likely to have had the opportunity to have accessed a former employer’s data or systems. If you’re over 55 and have been working for the same company for 30 years, that opportunity will not have come up.

Personal versus employer data

However, these more straightforward explanations do not cover everything, and one instance of the age trend gives us an interesting insight.

When asked about the relative importance of work data compared to personal information, the majority of older people tended to say that the two were of equal value. The younger the respondent was however, the more likely they were to say that their personal data was more important than their employer’s.

This hints at a fundamental difference in attitudes. The majority of those aged 16 right up to 34 do not see the importance of work and personal data on a level footing. Could it be that younger generations just have a more reckless and blasé attitude to their employers?

Password sharing culture

There is a trend among younger generations for personal password sharing, of course. On the one hand there are services like Netflix that encourage account sharing, but aside from this teenagers have been noted to share passwords as a sign of trust.

In this instance, giving your Facebook password over to a friend or a person you are in a relationship with is a bit like giving them the key to your house or apartment. Of course, this often backfires, as relationships sour leaving the once trusted person able to post things on the other’s behalf.

But as a trend could it explain some of the culture of password sharing our research has found among young professionals? Are they giving their network password to their favourite colleague as a sign of trust?

Security fatigue

Then there is the issue of simple lack of interest. As we’ve noted, we constantly see security breaches in the public eye. Younger generations, who have grown up with the internet, have been told over and over again all of the best practice about passwords and security.

Is it possible that they’ve just had too many passwords and logins to manage over the years, and heard about too many security breaches that did not affect them directly, to really care anymore?

It seems that though there are a number of reasons why younger generations are just not as security conscious as their elders, there must be an element of this. And it is worth consideration for your own organisation’s security policies.

Many of your employees may well know all of the rules, but that doesn’t mean they’ll follow them if you make it easy for them not to. Put restrictions in place, but make adherence to those restrictions a simple and easy process to avoid employee apathy becoming your biggest security risk.