It's official — there are now more millennials than baby boomers and their influence on information security is starting to have its impact, according to a recent report from LaunchTech that was commissioned by Forcepoint.
According to the report, nearly two-thirds of the 670 participants use personal devices for their private and company work, while 32 percent said they access social media at work. Another 32 percent download third-party apps for productivity while 20 percent said they do not notify the IT department about those apps.
From a security perspective, half of the respondents reported a breach or infection in the past two years, while 20 percent admit to using public WiFi to check banking information or paying bills online. Nearly half — 45 percent — report that they have received no security training at all.
These results indicate that many millennials, those born between 1977 and 1994, could turn into unintentional insider threats and rule-benders, the report said, in part because they are unfamiliar with rules about security and best practices. Referencing a report from the Deloitte University Press, the study said that by 2025, millennials will comprise 75 percent of the overall workforce.The report goes on to say baby boomers tend to be more cautious about security and millennials are more caviler, opting for expediency over security.
Terry Gold, founder of Orange County, Calif.-based D6 Security, a research and consulting firm, agrees that the digital natives then to overlook security precautions in part because they tend not to learn the lessons of those who came before.
Gold uses the example of banks that wrote their own software and had their own staffs managing the IBM mainframes and writing COBOL code. These IT departments had rigid process for change management and were process-oriented in the IT operations. Today's SaaS-based companies, many of which are run by millennials, are quicker to develop applications, often using the Agile Development model, but the information security processes are different and vulnerabilities tend to be overlooked. He blames this more in part due to lack of experience and expertise rather than age or recklessness.
“The millennials' field of vision is wide but not deep,” he said. They are interested in instant gratification and tend to overlook security vulnerabilities in order to get a job done faster. However, he adds that millennials are “more companionate” and understanding than the boomer generation and a more technically adept generation. Given time, he said, “The experience will come.”