Just how cyber risk savvy are today’s young people, the so-called “Millennials”?
You might expect the generation probably most accustomed to mobile and digital technologies would also have the nous to stay safe online. However, this wasn’t the finding of a recent survey by Raytheon (international defence technology company) and the National Cyber Security Alliance (a not-for-profit organization promoting internet safety).
When polling 18-26-year-olds about their online security, the survey revealed “a mix of misplaced confidence” and “startling ignorance”. Among the respondents, from a dozen countries, 58% are not taught in school how to stay safe online and 67% hadn’t heard about cyber attacks in the past year.
Frankly, I’m not surprised!
In a similar vein, it took many years for governments to realize that the introduction of cars onto the roads was killing too many people and needed concerted education and legislation to stem the problem. Equally, with cyber awareness, there has to be a wider recognition – and not only among Millennials – that people need to be behave more responsibly online to be safe and to protect the companies they work for from potential data loss and reputation damage.
Who teaches us about cyber security?
Computers are not automatically safe nor are the people using them; but the question is: “who teaches you online safety?” The fact is, unlike with cars, there isn’t a generation with a clear idea of cyber risk that can pass on sound advice to the next generation. That’s a problem when the type of threat to computer users and the businesses employing them, plus the number of vulnerabilities being discovered in hardware and software, is changing ever more quickly. And just when you thought you knew all about vehicular risk, the cyber dimension is also starting to affect cars too. More manufacturers are using software engine management systems and many now have functionality that allows the driver to access the web. Unfortunately this functionality has been found to be vulnerable to cyber attack.
A lack of risk understanding among computer users results in a “head in the sand” effect, in which cyber security is someone else’s problem to solve and pay for. Ordinary computer users can be forgiven for not understanding what’s what, as the typical language used by organizations to describe cyber risk tends to be complex and even impenetrable. Ultimately, this ignorance among people puts companies and their information assets and key capabilities at severe risk.
There are core cyber safety skills that companies need to teach their people in order to protect their digital assets:
Addressing the cyber awareness problem
Regardless of the age of employees, companies need to have an effective cyber awareness programme in place, engaging their staff and delivering consistent information about online behaviour that will help prevent cyber criminals from being successful.
Different educational approaches resonate with different people and – as with any awareness and educational campaign – “one-size-fits all” doesn’t work; what has to be consistent is the message.
AXELOS’ RESILIA™ best practice framework delivers knowledge using a variety of approaches including computer-based training, interactive games and posters; each resonates differently with people and provides tailored learning to meet the awareness and knowledge needs of everyone in a company.
The old war between the generations – the so-called “generation gap” – has been superseded by the work of new, online foes. And it’s the responsibility of well-trained and well-prepared people of every generation to ensure the cyber crooks don’t win this new war.
See our RESILIA™ section for more information about cyber resilience.
More AXELOS Blog Posts by Mark Logsdon
Is this a Phishing email?
Hands up who doesn't understand cyber risk?
Building cyber education for all
The War on Cyber: Protecting Ourselves Against Weaponization
Cyber resilience: protecting the network or the data?
The perils of cyber-attack – and the new solution
Have you heard the one about the three judges...? A Cyber story to be aware of
Preventing cyber attacks - it's a people thing as much as IT