Age Bias and Its Impact on Workplace Cybersecurity: An Insightful Study
"The greatest threat to our planet is the belief that someone else will save it." - Robert Swan.
Conventional wisdom might suggest that older employees, typically considered less tech-savvy, pose a greater cybersecurity risk to organizations. However, a recent study by IT security company Ivanti challenges this notion, suggesting that younger workers can pose a greater risk due to their unsafe cybersecurity habits.
The Study and Its Findings
Based on a Q4-2022 survey of 6,500 executive leaders, infosec professionals, and office workers worldwide, the study concluded that millennials and Gen Z workers are likelier to have unsafe cybersecurity habits than their older peers. The study found that a significant percentage of office workers under 40 engage in risky behaviors such as using the same passwords on multiple devices, sharing work devices with family or friends, using a birthdate in their password, and clicking on phishing links when targeted. These behaviors were found to be less common among office workers over 40.
Contrary to popular assumptions, the study found that younger professionals were significantly more likely to disregard important security guidelines when compared to Gen X and older. This disregard for cyber hygiene, together with a lower likelihood of reporting signs of potential security threats when they encounter them, makes younger workers a potential risk to organizational cybersecurity.
The Role of Healthy Skepticism
Experts suggest that older workers, lacking the ingrained familiarity with online technology that younger workers have, might bring a healthy skepticism and sense of caution to their online activities. This healthy skepticism can often serve as a protective barrier against potential cyber threats. On the other hand, younger workers, usually overly self-assured regarding technology, can sometimes favor convenience over security, leading to riskier behaviors.
Addressing Overconfidence with Simulated Attacks
Experts propose that simulated attacks, such as phishing campaigns, can help address the overconfidence of younger workers. These simulated attacks help the younger groups understand how easily bad actors can slip into their daily work routine if they are not careful. The shock of being tricked, especially for someone confident in their ability to avoid falling for a ruse, can be a powerful deterrent against careless behaviors.
Generational Differences and Their Impact on Cybersecurity
Generational differences also play a significant role in shaping cybersecurity behaviors. Younger workers, having experienced the rapid advancement of technology differently than their older peers, often fail to focus on fundamentals. As a result, they may be more susceptible to cyber threats. On the other hand, older software writers, having had to write their code from scratch and learn about securing their code, are often more cautious and security-aware.
Gender and Seniority Impacts
The study also found that gender and seniority can impact the collective strength of an organization's security. Men and leaders were found to be more comfortable contacting a security employee with a question or concern. On the other hand, women were less likely to do so. Experts suggest that addressing this could involve implementing a standard, user-friendly portal for reporting cybersecurity incidents, making the reporting process accessible and less intimidating for everyone, regardless of position or gender.
Adapting Cybersecurity Training for a Diverse Workforce
The study's findings underscore the importance of adapting cybersecurity training based on the demographics of employees. Business leaders are urged to solicit feedback from their employees on how to make the exercise more effective. They're also encouraged to ensure that cybersecurity training accounts for diversity and inclusion practices so that all employees feel included in instilling sound cybersecurity practices throughout the organization.