New dogs, no tricks!

It could be argued that what caused Generation Z to be so engaged has also caused them to be less security conscious. That a care-free attitude to download and connectivity makes them more dangerous than those who would feel proud to use “Admin123” as their new password because they’ve finally remembered to add some numbers into the mix!
I would argue that Generation Z aren't actually less security savvy. Yes, the apps and the devices allow them to "accept" anything, very quickly, and so they do. But, they are far more aware of privacy and security issues because they hold dear the very thing that would stop if they were attacked. Access. They can’t be without access, that’s what hurts them most, and so they are more cautious, naturally so.
Old dog, new tricks?

No manner of training, no quantity of training can seemingly change some people’s attitudes to cyber security. It is as if it “were upon them” to decide to be secure, and some people just don’t care enough because they haven’t yet been a victim. If you add this attitude to a corporate policy, a corporate necessity for cyber safety, it poses a dangerous mix.
Does this attitude bring the responsibility solely back to the IT Security team? Must they take the onus to restrict by policy? Do they continue to allow less security to keep engagement and productivity up, or should the policies be more heavily enforced with this kind of user?
IT Security teams have to have a business-ready policy that confronts, teaches, protects and enables. That’s a tricky mix indeed. Add in the human element and one can see why breaches occur on a daily basis.
Is there one simple answer? No. Not really. Yes, there are too many vendors who promise to deliver a nirvana, and fail spectacularly. There’s also too much money spent on legacy security solutions that could be swapped out very easily and cost-effectively. But, in the last 10 years, I can’t think I’ve ever met an IT security professional who doesn’t care about protecting against breaches; I’ve never heard anyone say, “ah, sod it, it’ll be OK”.
From a personal point of view, I'm trying to educate my children to be aware of their online presence, their device security, their password and PIN protection. But, it is true to say, they do ardently look for free Wi-Fi from wherever they can get it to improve their online experience, and will gladly download apps and click any T's & C's that give them the app the fastest. They are very aware of dodgy links and phishing attempts on emails, and I’m proud of their attitude towards this.
But, they aren't yet corporate app and data users and my advice only goes so far, and then I'm the "fuddy-duddy" Dad, a family CISO if you will! They'll soon be a "Generation Z Twenty", and they'll soon be in the workplace where their technology-intense upbringing will have created an instant-use policy and expectation. Security policies that restrict this will be ignored and undermined.
The CISO has to know they're coming! Heaven help you!