BreachExchange mailing list archives
Even the Tech-Savvy are Prone to Compromise
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 23 Oct 2013 22:32:48 -0600
http://www.cio.com/article/741894/Even_the_Tech_Savvy_are_Prone_to_Compromise The millennial generation, those of us who were born and raised alongside the Internet, should be wise enough to avoid account hijackings and other scams, but we're not. In fact, one out of four millennials have admitted to having at least once incident where an online account was hacked. In the interest of awareness and critical thought for National Cyber Security Awareness Month, CSO examined the results from a recent survey conducted by Marble Security. The survey itself focused on adults born between 1980 and 2000 by asking a single question -- "Have you ever had an online account hacked?" The question itself is simple, but it demonstrates a few important variables when it comes to assessing employee-based risk. Of those aged 25-34 -- 26 percent of them confirmed that at least one online account of their has been hacked, but that doesn't account for those who have been part of major breaches over the years, or those who have had more than one account compromised. When it comes to those aged 35-44, the percentage drops to 24 percent. These groups represent today's workforce; the BYOD set and the users commonly targeted by social engineering, phishing, or watering hole attacks. All of them have faced account compromises at least once, and the odds are likely that they will face them again. Yet, these are supposed to be the technically savvy. "The survey results contradict the assumption that millennials are more tech-savvy and less likely to fall victim to tactics used by hackers, such as social engineering or phishing tactics," Marble Security explained in a statement. Additional data from those interviewed for the survey also discounted variables such as education, income, location, or sex. This, if anything proves the thought process that criminals don't care about you personally, they care about the access you have. "Near complete adoption of mobile devices in the workplace, cloud computing, and businesses increasingly adopting BYOD programs mean that the enterprise faces increased risk. Every employee comes with an aggregate of accounts, profiles and passwords -- all vulnerable to attacks." As millennials spend more time online, both at work and at home, the odds increase that we'll be the target or a victim of an online attack. This could mean the loss of funds, identity, or sensitive corporate data, simply because we exist. This is where awareness training helps, because the more it's done, the more the lessons stick, and the less likely it is that we'll be caught out by a passing scam or attack.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Even the Tech-Savvy are Prone to Compromise Audrey McNeil (Oct 25)