Infosecurity Team | June 01, 2018

The Millennial Question: How to Overcome the Security Risks of Digital Complacency

As seen in the Infosecurity Europe Blog...

Amy Baker, VP of Wombat Security Technologies (a division of Proofpoint)

Millennials have been treated as a different species by workplace analysts and psychologists, so much so that it is difficult to keep up with the list of adjectives used to describe their attitude to work. Yet, whilst they’re frequently considered far more technologically savvy than their elders, recent research has identified that the younger generation may in fact be more likely to fall for scams than so-called “Baby Boomers”.

So, firstly, how do we actually define a Millennial versus a Baby Boomer? Baby Boomers are the generation that emerged during the birth rate hike after WW2. Typically their age range is defined as those born between the years 1945 and 1965, meaning that they are in their fifties, sixties and seventies. Millennials, or Generation Y, are likely the children of the Boomers. Whilst the precise time period in which Millennials were born is debated, most agree that they come from the early 1980s to mid-1990s, meaning that they are in their mid-twenties to mid-thirties.

Millennials have grown up alongside the internet, leading Goldman Sachs to define them as the “first digital natives”. They are “always online”, with 80% of Millennials in the UK using social media sites like Facebook in comparison to just 58% of Boomers. In addition, 95.6% of Millennials in the UK have smartphones in comparison to 55% of Boomers.

Many assume that because Millennials are so comfortable with technology, they also behave in a cybersecure manner. However, our latest State of the Phish™ Report revealed that Millennials’ lifetime use of technology may have bred complacency when it comes to security. Baby Boomers are 11% more likely to define phishing correctly than their Millennial counterparts. The study found that only 61% of respondents aged 18 to 29 were able to correctly define phishing. Furthermore, research from Get Safe Online identified that young people are particularly vulnerable to “family and friends” scams, whereby they are tricked into sending money to cybercriminals who have hacked into the social media accounts of their family and friends. Experian has also identified that people in their mid to late 20s are now more likely to fall for financial fraud than those who are over 60 years old.

Get Safe Online has identified a few reasons why this may be the case: young people are online more, thus generating more opportunities for cybercriminals to attack them; young people are also so digitally savvy that they have become complacent about risk because they assume that only older people fall victim to scams; and finally, young people subscribe to the outdated idea that phishing emails aren’t targeted – so smarter social engineering attacks are more likely to be successful.

These findings show that, because they use technology differently to their Baby Boomer counterparts, Millennials’ cybersecurity training could also benefit from being structured slightly differently. Regular and continuous training is absolutely key for all generations, but in the Millennials’ case it is essential to changing bad behaviours that have been entrenched from a very young age. It’s important to focus training on topics particularly pertinent to Millennials, such as mobile device security, mobile app security, safe social networking and safer web browsing. Finally, in order to appeal to and engage the digital generation, training needs to be focused, interactive and “bite-sized” – ideally not lasting more than 15 minutes. Gamifying training can also be a great way to motivate Millennials to improve their skills.

In short, the need to get Millennials up to scratch is critical because by 2020, 35% of the global workforce will belong to this age group. Laser-focused cybersecurity training and awareness will give them the knowledge they need to act as a last line of cyberdefence for their organisations.
