By Steve Durbin, Managing Director, ISF
Over the next few years, the first truly digital generation (Gen Z) will filter into the workplace. Like the preceding millennial generation, they will bring different attitudes with them. However, unlike their predecessors their approach to information sharing will be extreme.
Growing up in the age of the smartphone and social media, their reckless attitudes towards sharing information will set new norms that fall short of the requirements for good information security. This will undermine decades of awareness activity, leading to significant reputational and financial damage.
Gen Z’s desire to post, tweet and share content online will lead to members of this demographic negligently sharing confidential information on social media or elsewhere with growing frequency, causing financial, legal, and reputational damage to organizations in the process. Organizations will be forced to invest in readdressing and revitalizing security awareness training to protect themselves from this constantly connected, ‘always-on’ generation.
Taking advantage of Gen Z’s security naivety and trusting nature, organized criminal groups and hackers will use sophisticated social engineering scams, posing as ‘influencers’ and manipulating tech-dependent individuals into giving up their employers’ critical information assets.
Opportunistic attackers will find leaked corporate secrets on social media, using them to manipulate share prices or cause financial damage. This digital generation will become a nightmare for organizations’ information security teams but a dream for scammers.
What is the Justification for This Threat?
According to the UK’s Advisory, Conciliation and Arbitration Service (ACAS), 70% of surveyed managers were concerned about Gen Z’s introduction to the workplace, with the need for instant gratification, resistance to authority and poor face-to-face communication skills being core issues. By 2022, Gen Z will be transitioning from university or school life into the business world.
When doing so, they will introduce a new set of expectations, values, and behaviors into the workplace, including a heightened disregard for privacy online and a lack of understanding of and value for information security.
Entrepreneur Magazine stated that Gen Z exhibit characteristics such as ‘radical inclusion’ with physical and digital relationships, meaning that they are often unable to distinguish between friends they meet online and friends in the physical world. Attackers will begin using carefully crafted social engineering techniques on social media platforms, such as Twitter, Facebook, or WhatsApp to compromise the organizations that this demographic works for.
A study by McKinsey across Brazil’s younger demographics demonstrated that Gen Z are ‘communaholics’ online, constantly posting images and updates on social media to their followers. They use platforms such as Twitter, Instagram, and Snapchat between 6-8 hours a day and are typically guided by ‘influencers’ for many of their decisions. Many of these individuals are ‘digitally native,’ having grown up exclusively in a world with digital technologies at their fingertips, entrenched in social media and mobile platforms and unable to survive without access to their mobile devices. However, the fact that many individuals have always used mobile technologies and social media does not translate into security awareness or secure online behavior.
Gen Z are arguably naïve to the threats posed by online attackers, being particularly susceptible to fraud and typically disregarding security risks online, compared to Gen X and Baby Boomers. A recent report found that Gen X and Baby Boomers appear to have better cyber security knowledge and practices than Gen Z.
Password reuse was the highest among Gen Z, with 78% saying they used the same password for multiple accounts online. Moreover, Baby Boomers proved to have a better understanding of the importance of software updates than younger generations: 84% said they believed updating security software is essential, while 61% of Gen Z said the same. Their lack of awareness of, and value for, information security will pose considerable information risks to organizations in the future.
The need for organizations to adapt to, and prepare for, the next generation of workers is urgent. Gen Z will introduce a raft of problems, that, if not overcome or prepared for, will result in the confidentiality of information being compromised.
Subsequently, organizations will face financial and reputational damage when data is shared, corporate secrets are accidentally revealed online, and the digital generation is socially engineered into giving up the crown jewels.
How Should Your Organization Prepare?
The arrival of the next generation of employees is inevitable. Therefore, organizations must take proactive steps to integrate them into the workforce, aligning their values and norms with the requirements of the business.
In the short term, organizations should review and update social media policy to reflect growing concerns around Gen Z in the workforce. Additionally, implement and enforce a robust data leakage prevention program and evaluate the feasibility of a digital rights management deployment for sensitive information.
In the long term, create tailored training and awareness materials for the Gen Z workforce. Understand and monitor your brand identity on social media through an information security lens. Finally, review whether the organization’s information security policy reflects outdated norms and values.