Cybersecurity Isn’t Generational: Why Millennials May Not Be the Tech Hope of the Future

Of all the assumptions made and beliefs held about millennials, one of the most common is that they’re uniquely tech-savvy. After all, this is the first generation to grow up being exposed first to the advent of computers and the Internet, and now to smartphones, tablets and always-on connectivity. So it’s no surprise that governments have been banking on these digital natives, who practically eat, sleep and breathe technology, to become their cybersecurity saviors. Who better than the first 24/7 tech generation to demonstrate a keen understanding of the current threat landscape and the technical skills necessary to implement the best defense-in-depth measures to counter those threats?

Unfortunately, that may be little more than a pipe dream, if a new survey is any indication. That report, “Securing our Future: Closing the Cybersecurity Talent Gap,” released by the National Cyber Security Alliance and Raytheon, identified a significant cybersecurity awareness gap among millennials worldwide – specifically, respondents between the ages of 18 and 26, hailing from countries like the U.S., U.K., Germany, France and Japan. Despite the presumption that millennials would be naturally more predisposed to grasping and deploying best practices for cybersecurity, as well as pursuing cyber careers to do so, many of them sound alarmingly out of touch.

Here are just a few of that survey’s findings:

- Close to 80 percent either had never spoken with a cybersecurity professional or weren’t sure if they had done so
- 69 percent felt that their high school computer classes hadn’t prepared them for a cyber career
- 67 percent said they hadn’t heard about any cyberattacks in the news over the past year
- Two-thirds...

Open Haus: Central Management [VIDEO]

By any measure, cyber threats against businesses are escalating in both volume and diversity, as the attackers executing these schemes have become more sophisticated and adept at exploiting vulnerabilities in corporate networks and endpoints. But despite this wave of new threats, the top foe of network administrators is actually a familiar one – employees themselves. An unaware employee, a vulnerable endpoint and some human error, precipitated by relentless social engineering, is exactly what opportunistic hackers hope for, and this combination can be more dangerous than any external threat alone. Remember, social engineering was effective against the director of the CIA, who was duped by relatively basic techniques, so why wouldn’t it work against unassuming employees?

For network administrators, the key to reducing the impact of human error is to implement remote access technology that stops the spread of a breach before it can dramatically affect the rest of the network. To gain that additional control and visibility, network administrators turn to centrally managed VPNs.

How It Works

In today’s BYOD workplace environments, where employees are constantly introducing new mobile devices and operating systems, IT administrators must enable remote access and support an assortment of different endpoints. Centrally managed VPNs make this possible, while remaining cost-effective and enhancing employee productivity. Central management is a core feature of the NCP Secure Enterprise Management. Sitting right in the hub of our remote access VPN solution, the central management function streamlines management of remote access security, making it more likely that the network administrator is able to prevent sensitive corporate data from being exposed, whether unknowingly by employees or by malicious hackers. With...

What’s in a Name? The ABCs of Mobile Device Management

BYOD? CYOD? Given the slew of acronyms flying around mobile device management (which, of course, goes by the acronym “MDM”), you’d be forgiven for losing track of what some of these actually stand for, much less the concepts they represent. As offices increasingly embrace digital technology and enable more employees to work remotely, mobile devices like phones and tablets, not to mention laptops, have increasingly phased out the traditional desktop computer.

But this paradigm shift is also opening a lot of sore spots and potential security vulnerabilities around corporate data – after all, it may be more convenient for employees to be able to send work emails from their personal phones, but what kind of liability does that create for the company when their sensitive material is stored in an employee’s private cloud storage? This raises further questions about where exactly a company should expect to draw the line between personal and business use on a mobile device. The business should allow a certain degree of convenience for the employee using their device, but at the same time, it’s important to ensure there are adequate security protocols in place.

To that end, it’s worth dissecting just what exactly your MDM options are:

- BYOD: Under a Bring-Your-Own-Device policy, employees use their own personal phones or tablets for business purposes. This policy provides the greatest flexibility to employees in terms of familiarity – it’s their own phone, after all – but it also raises some privacy concerns, for both the company and the user. In fact, 57 percent of employees polled in a Bitglass survey said they opted out of their company’s...

As the Dust Settles: The Value of Secure Remote Access in the Hours After a Cyberattack

The first 24 hours after a cyberattack are chaotic. The investigations and conclusions will come far down the road, but in the immediate aftermath of an attack, the entire organization is in reaction mode. The public relations team will update media members hungry for additional details. If an attack affects an organization’s own employees, the human resources department will issue alerts internally. The legal team will remain on standby to ensure regulatory requirements are met, offer counsel and guide the organization through the first few days of what is likely to be a process lasting many years. For the IT department, meanwhile, those first few hours are all about containment – discovering the origin of an attack, isolating or stopping its harmful effects, and securing IT systems to assure continuity. Yet, in many cases, victims of cyberattacks aren’t taking these critical first steps. According to a new survey by the SANS Institute, only 59 percent of organizations are able to contain attacks within 24 hours and more than half claim to be dissatisfied with the length of time it takes for them to contain and recover from an attack. Even the federal government doesn’t really have a perfectly coordinated strategy for responding to these events. As last summer’s hack of the Office of Personnel Management (OPM) showed, the government isn’t well equipped to react quickly to emerging threats and successful attacks, and individual agencies don’t always take ownership of a coordinated response. Fortunately, most businesses don’t have such a burden. Most are more agile than the government, and therefore better positioned to respond quickly, even if the findings of...

CIA Director’s Hacked Email Shows Need for Multi-Factor Authentication

There’s a certain irony to the way the U.S. government approaches encryption and data privacy for its citizens, while simultaneously falling victim to major data breaches itself through embarrassing security lapses. Up until recently, law enforcement agencies like the FBI had lobbied hard for companies like Apple and Google to be forced to program encryption “backdoors” into their services, like iMessage, so that they could listen in on the otherwise-blocked communications of suspected criminals or terrorists. Silicon Valley’s response (and what the White House eventually sided with) was that opening a “backdoor” for law enforcement is tantamount to ultimately opening a backdoor for anyone. The FBI and NSA counter-argued that they would be in control of the keys to those doors, and that user data would be safe with them. That was a hard argument for privacy advocates to accept then, and it’s even less likely to win over anyone now in light of a new data breach scandal. The Guardian recently reported that a pair of hackers managed to access the personal AOL email account of John Brennan, director of the CIA. Not only that, but the data that was compromised through the breach – which included the names, contact information, security clearances and Social Security numbers of around 20 CIA employees – was leaked and published to Twitter. While the contents of these emails were, in Fortune’s words, “mundane” and “peanuts as far as actual revelations and public interest is concerned,” the fact remains that a pair of reportedly teenage hackers managed to hack into the email account of the U.S. Director of Central Intelligence. The joke...