- News & Events
October 16, 2013
According to the U.S. Bureau of Labor Statistics, the millennial generation (born roughly between 1980 and 2000) will make up the largest part of the U.S. workforce by 2015. What does this mean from a cybersecurity perspective?
The theme of this week’s National Cyber Security Awareness Month is “Cyber Workforce and the Next Generation of Cyber Leaders.” It’s worth pausing to think about the effect of the next generation on cybersecurity.
People in the millennial generation have grown up with a vastly different relationship with technology than the rest of us.
• They are accustomed to sharing personal information on social networks, often from an early age.
• They may be less careful with passwords, having an attitude that it’s easier to fix problems after the fact.
When I watch my young son working effortlessly on an iPad, it’s clear that the biggest issue with this younger generation in the workforce will be their insistence on using their own devices – the Bring Your Own Device or BYOD challenge.
Millennials and the “New” BYOD
I just read “BYOD As We Know It is Dead” by my friend Bob Egan – and I completely agree with his assessment that businesses are changing how they perceive BYOD. After a period of initial resistance and concern (BYOD 1.0), businesses are starting to understand the real benefits – a more productive workforce, and lower costs.
But security is still the sticking point for man businesses. They’re trying to answer questions like:
• How do you force someone to install a corporate anti-virus solution if you don’t own the device?
• How can you make sure no confidential information is lost through the device, when it is shared with personal applications? (See my blog from last week on the threats of mobility.)
• How do you let insecure mobile devices into your applications?
Focus on What You Can Control
Early BYOD programs focused on restricting and controlling the personal devices themselves. That’s approach doesn’t scale well. The devices themselves are, by definition, outside of IT’s control. And mobile devices change so quickly, it’s virtually impossible to keep current.
To get to a BYOD 2.0 environment, where people can use their own devices for work freely and securely, businesses have to focus on the things that they can control:
This requires a combination of technology and policy. For example, you’ll need to define policies about who can access which data, and in which situations. But there are technologies today that can help by verifying each login and transaction automatically.
For example, if you can make sure that everyone logging into your business applications is, in fact who they claim to be, you’ve reduced a lot of risk. If you can then make sure that they aren’t using compromised devices, you’ve gone a lot further.
By the time my son gets his job, who knows what devices he’ll be using to work? I’m simply hoping that the online environment is secure enough to give him options.
ThreatMetrix™ secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix™ Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
To join in the cybersecurity conversation, follow us on Twitter @ThreatMetrix.
Posted by Dan Rampe
Tags: Account Takeover, Account Takeover Fraud, Bank Fraud, Botnets, Bring Your Own Device, BYOD, CNP fraud, Cookieless Device Identification, Cookies, Credit Card Fraud, Cyber attacks, Device Detection, Device Fingerprint, Device Fingerprinting, Device ID, Device Identification, Fraud Prevention, Hacking, Identity Spoofing, Identity theft, Malware, Malware Detection, Malware Protection, Man-in-the-Browser Detection, MitB, Mobile fraud, National Cyber Security Awareness Month, Online Fraud, Phishing, Phishing Detection, PII, ThreatMetrix Global Trust Intelligence Network, ThreatMetrix Web Fraud Map, TrustDefender Cybercrime Protection Platform, Web Fraud