When it comes to cybersecurity in the workplace, younger employees don’t really seem to care that much, which is putting their organizations in serious harm’s way, new research has claimed.
Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cybersecurity than their Boomer counterparts in adhering to their employer’s safety policies.
This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.
Recycling passwords
When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same.
Apathy in the young extends to password (opens in new tab) reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers.
Almost half of Gen Z and millennials were “likely to accept web browser cookies on their work-issued devices all the time or often,” compared to 31% of Gen X workers, and 18% of baby boomers.
“There is an immediate need for organizations to restructure their security strategy with human behavior at the core,” said EY America’s Consulting Cybersecurity Leader Tapan Shah.
Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it.
Being too comfortable with tech undoubtedly makes an enterprise’s younger employees a major target for cybercriminals looking to exploit any hole in security.
If an organization’s cybersecurity practices aren’t upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.
As demonstrated by recent attacks on Uber and Rockstar Games (opens in new tab), a good social engineer doesn’t have to be technically minded to leak sensitive company and customer data, causing hundreds of thousands of dollars of damages in mitigations and fines.