Young People to IT Security: 'What, Me Worry?'
Don't tell my daughter I was talking about her behind her back, OK? A couple of weeks ago, she spilled a drink on her MacBook Pro's keyboard. We've all done that. It happens. But as we discussed the damage, I assured her that, worst case, she could move her backed-up files to her new machine. Back up? Uh oh. Not only does she not back up, but the Wi-Fi network in her apartment is not secured and she uses the same weak passwords over and over.
You might wonder why I'm telling you this. It's because a survey of young professionals and college-age students conducted by Cisco Systems confirms that my daughter's behavior is all too common. As the Baby Boomers retire, their jobs in business will be taken by the millennial generation, who are going to be a handful for IT. And all too often, IT responds with the equivalent of "Get off my lawn!"
[ Learn about consumerization of IT in person March 4-6, 2012, at IDG's CITE conference in San Francisco. | Get expert advice about planning and implementing your BYOD strategy with InfoWorld's 29-page "Mobile and BYOD Deep Dive" PDF special report. | Keep up with the key tech news and analysis with the InfoWorld Daily newsletter. ]
According to the survey, which included 2,800 young adults, students, and employed white collar types across 14 countries, 7 out of 10 young employees frequently ignore IT policies, and 3 of 5 employees believe they are not responsible for protecting information and devices, believing instead that IT and service providers are accountable.
What does this mean for you as someone who is responsible for running and securing a network? In my opinion, it's yet another wrinkle in the ongoing consumerization of IT. Young people may well have been sloppy and loathe to follow rules in the past, but fallout from those bad habits was buffered by IT's iron control over the infrastructure. No one had smartphones to misuse, and there was no Facebook or Twitter or Google+ to become a security hole. (Facebook's security, by the way, is a disaster waiting to happen.)
There's another issue, and it's more subtle. Modes of attack on corporate networks are shifting rapidly away from mass assaults on millions of computers to thrusts targeted at particular individuals, says Paula Musich, a security analyst with Current Analysis. Employees who are active on social networking sites, for example, and carelessly let on where they work or what they know will be noticed and targeted, she says. "Hackers will use them to gain entry into the system and work their way up" to more senior people and parts of the network containing sensitive information, she tells me.
The new generation gap
The digital generation gap is also an issue for broader levels of management, including HR. The best and brightest potential hires have not only grown up using computers and other digital devices, they consider access to the Web and social networking services a basic right.