Even the Tech-Savvy are Prone to Compromise

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.cio.com/article/741894/Even_the_Tech_Savvy_are_Prone_to_Compromise

The millennial generation, those of us who were born and raised alongside
the Internet, should be wise enough to avoid account hijackings and other
scams, but we're not. In fact, one out of four millennials have admitted to
having at least once incident where an online account was hacked.

In the interest of awareness and critical thought for National Cyber
Security Awareness Month, CSO examined the results from a recent survey
conducted by Marble Security.

The survey itself focused on adults born between 1980 and 2000 by asking a
single question -- "Have you ever had an online account hacked?" The
question itself is simple, but it demonstrates a few important variables
when it comes to assessing employee-based risk.

Of those aged 25-34 -- 26 percent of them confirmed that at least one
online account of their has been hacked, but that doesn't account for those
who have been part of major breaches over the years, or those who have had
more than one account compromised. When it comes to those aged 35-44, the
percentage drops to 24 percent.

These groups represent today's workforce; the BYOD set and the users
commonly targeted by social engineering, phishing, or watering hole
attacks. All of them have faced account compromises at least once, and the
odds are likely that they will face them again. Yet, these are supposed to
be the technically savvy.

"The survey results contradict the assumption that millennials are more
tech-savvy and less likely to fall victim to tactics used by hackers, such
as social engineering or phishing tactics," Marble Security explained in a
statement.

Additional data from those interviewed for the survey also discounted
variables such as education, income, location, or sex. This, if anything
proves the thought process that criminals don't care about you personally,
they care about the access you have.

"Near complete adoption of mobile devices in the workplace, cloud
computing, and businesses increasingly adopting BYOD programs mean that the
enterprise faces increased risk. Every employee comes with an aggregate of
accounts, profiles and passwords -- all vulnerable to attacks."

As millennials spend more time online, both at work and at home, the odds
increase that we'll be the target or a victim of an online attack. This
could mean the loss of funds, identity, or sensitive corporate data, simply
because we exist. This is where awareness training helps, because the more
it's done, the more the lessons stick, and the less likely it is that we'll
be caught out by a passing scam or attack.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.