Skip Links

How security smart is Generation Y?

Some experts call Millennials the 'new threat vector.' But others say the weakest link in the enterprise is people of any age

By Taylor Armerding, CSO
August 12, 2013 01:51 PM ET

CSO - The generation gap has existed for --well -- generations. But the current divide between twentysomethings and their elders in the IT workforce, at least according to some experts, goes beyond the older cohort simply shaking their heads and muttering, "Kids these days." There is, they say, a security divide.

Andrew Avanessian, vice president of Global Professional Services at Avecto, writing for USA Today's CyberTruth, called Millennials, also labeled Generation Y, "a new attack vector that is emanating from the inside."

Avanessian cited a Cisco's 2013 Annual Security Report that said while Gen Y workers bring enormous IT expertise and technical understanding to their jobs, they also tend to ignore IT policies, demand freedom of access, shrug off a lack of privacy and are used to mixing their personal and professional lives, all of which can lead to cyber intrusions.

As Cisco put it, "Security risks rise in businesses because many employees adopt 'my way' work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere -- in the office, at home and everywhere in between."

[Related: Does your generation pose a security risk?]

Christopher Ellingwood, writing at Berry Dunn, cited a survey by RSA, Inc. that found that more than 70 percent of Generation Y workers, "admitted to conducting 'risky' behavior over the Internet such as posting too much personal and company information on social media sites."

"This generation, also known as the 'click-through' generation, expects information to be readily available and will download content, visit websites, and offer personal information in order to obtain information they seek. Many sites that are visited and files that are downloaded require an acceptance of the terms and conditions which the Generation Y user is highly likely to accept without reading," Ellingwood wrote.

It is not, for the most part, because workers are visiting shady sites. Cisco found that, "the highest concentration of online security threats do not target pornography, pharmaceutical or gambling sites as much as they do legitimate destinations visited by mass audiences, such as major search engines, retail sites and social media outlets."

Regarding privacy, Cisco found that, "most Generation Y employees believe the age of privacy is over (91 percent) & (and) are willing to sacrifice personal information for socialization online."

"In fact, more Generation Y workers globally said they feel more comfortable sharing personal information with retail sites than with their own employers' IT departments -- departments that are paid to protect employee identities and devices."

Avanessian said in many cases those workers need added privileges to do their jobs.

"Restrictive policies that only allow them to do A, B and C actually hinder their workflow, slowing them down and potentially costing the organization in terms of efficiency and resources," he wrote, but added that the "inherent danger" is that even application controls don't stop those workers from opening up the system.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News