I had the pleasure to mentor a summer intern named Min Ji Kim, who is returning to NYU to continue her education next week. Before she left, Min Ji wrote a wonderful guest blog about what she learned about cybersecurity during her short time at Centrify. Enjoy!
A Gen Z's Perspective on Cybersecurityby Min Ji Kim
I was attracted to Centrify as a corporate communications intern due to my curiosity about marketing, especially in Silicon Valley. Now, as I am about to head back to university, I take with me hands-on experience as part of a corporate marketing team as well as a deeper insight into an important industry I never expected to learn about: cybersecurity.
Here is a personal story to represent what I learned as a Centrify intern:
TALES OF A FOURTH GRADE "HACKER"
In fourth grade, I had my first experience with the dangers of the internet.
My best friend (to retain anonymity, let’s call her “Patty”) left her Facebook account open on my laptop. Even after logging out, the computer continued to remember her password, which I never bothered to delete. One day, Patty and I got into a fight. In my bout of pre-teen rage, I contemplated how I could retaliate – aha! the Facebook account. Five minutes later, I had deleted all of her messages (that will teach her!). Patty never learned how I gained access to her account. When asked, fourth-grade me answered “hacking.” In reality, due to her carelessness, I simply had access to her credentials and used that to log in.
In a way, this childhood story parallels the reality of today’s cybersecurity threat-scape. Hackers don’t type enigmatic codes in the dark to access secret information. They simply log in through uncomplicated methods like password spraying and credential stuffing, or they get users to handover their credentials willingly via phishing. And as data breach headlines reveal, the bad guys are increasingly able to win because people still use predictable passwords, the same passwords on all their accounts, or are simply careless and too trusting with their information, like my friend Patty.
Because of such carelessness, humans have always been considered the weakest link in cybersecurity, which organizations have tried to overcome with complex technology. Now, as people like Patty, myself, and millions of other “digital natives” enter the workforce, there are even more concerns about the future of technology and privacy. Where are these concerns coming from? And what can we do to address them?
Many studies show that Gen Z, now reaching nascent adulthood, bring a lot of disruptive habits towards technology and internet use. Unlike other generations, we are the most internet-dependent, having grown up with iPhones in our hands and attending schools that utilized the internet in everyday projects. This digital environment we grew up in may make us extremely technologically savvy, but we’ve also been prone to putting privacy and security in the backseat. Research and surveys reveal that we like to bring our own devices to the workplace and are willing to trade privacy for personalized experiences.
We’re also overly confident in our digital security. In an Online Security Survey conducted by Google, 71% of Gen Z respondents said they wouldn’t fall victim to a phishing scam, but only 44% could define the term “phishing.” 78% of Gen Z respondents also said they use the same password for multiple online accounts, a number that was 10-20% higher in comparison to older generations’ respondents.
OVERCONFIDENT ≠ APATHY
However, just because we’re overconfident doesn’t necessarily mean we don’t care about cybersecurity. We clearly understand the separation between what should be kept private and public, and want to protect our information from being abused. Our generation knows that the current internet age is more of a marketplace in which our information is being sold – influencers and online personalities abound – rather than an open community. Therefore, many of us often utilize a privacy feature on Instagram: public mode off. We invented the terms “finsta” and “rinsta,” abbreviations for fake-Instagram and real-Instagram, the former being solely open to close friends and the latter for public use. So why do we implement such weak security practices?
From Facebook to Faceapp to Citrix to Google, it’s overwhelming how there seems to be a new security problem or breach with an application, device, or company every day. Although us “digital natives” do care about our privacy, often times, we just don’t know where to start. No one could have predicted today’s digital world, so we were neither taught how to protect ourselves in the online world nor taught the importance of doing so. As a result, just like Patty, we’ve become too trusting and comfortable.
In fact, for an industry whose global market is predicted to grow past $300 billion by 2024, there is still not enough being done to educate my generation about cybersecurity. For me it took a summer working at Centrify, a leading cybersecurity company, to understand the importance of security best practices, how it affects every industry from education to manufacturing to healthcare, and steps I can take to better secure my organization and my own personal information.
LEARNING FROM THE EXPERTS
My summer internship afforded me the opportunity to learn from colleagues with decades of experience in the industry, including cybersecurity evangelist Torsten George, who shared with me some tips on things Gen Z-ers (and others) can do to maintain their personal cybersecurity.
“Attackers don’t need to hack in anymore – they login using weak, stolen, or otherwise compromised credentials. The most fundamental thing you can do is to stop using common or easy-to-guess passwords; in fact, Chrome offers a ‘Password Checkup Extension,’ a plug-in to help you use safe passwords that haven’t been exposed in a recent breach. Use strong, unique passwords and make sure to not reuse them for multiple accounts. Implement two-factor authentication whenever you can. Be educated on what phishing scams look like and stay away from calls, emails, and other things that seem suspicious. Stay up to date on what tactics hackers are using.”
However, it’s important to not forget cybersecurity is a two-way street, and both organizations and individuals should be doing all they can to be educated and take action. At the 2019 RSA APJ Conference, Kyla Guru, CEO of Bits N’ Bytes Cybersecurity Education, delivered a speech about the importance of mobilizing the next generation for cybersecurity and public action.
“Young people have a part in securing the future, because they are the future. As the biggest users of technology, spending 80% of their waking day online, they need to have a seat at the table and educating them through awareness, training and advocacy will be how we strengthen our human firewall.”
We don’t have to be like Patty – trusting organizations, websites, devices, and applications until it’s too late. We can begin strengthening our human firewall by taking action; educational institutions can educate Gen Z on the importance of cybersecurity and how to maintain it, “digital natives” can become more aware of hacker’s tactics and be cautious when giving websites and apps their information, and we all can loudly voice higher expectations from organizations to put our information security at the forefront.