A2-2 Whiz Kids and the Risk of Data Privacy & Cyber Attacks

By Patrick Henz, Head of Governance, Risk & Compliance, Primetals Technologies

The introduction of new forms of social media channels is always accompanied by the fear that it will have a negative impact, especially on the younger generations. The same happened with TV, the first video consoles, home computers, the internet and smartphones. The current Generation Y (including the Millennials) and Z are digital natives. Since their first steps, they have been accustomed to having touchscreens and information around them. Because parents use tablets and smartphones to calm down their toddlers, they learned early to use such devices and even get confused if they cannot change the channels on TV with the same swiping movements.

All current studies confirm that Gen Y and Z have strong values and expect the same from their potential employers. In contrast to the yuppies (Young Urban Professionals) of the 1980s, salary has lost some of its importance, because status symbols have changed. Expensive cars and apartments have declined in importance, while fast internet connections and virtual acknowledgment, via social media and blogs, have gained relevance. In his study “Growing Up Digital”, Don Tapscott concludes that these generations are “smarter, quicker and more tolerant of diversity than their predecessors.”

So far, this is good news for companies and their Ethics & Compliance departments. But there is one downside to the younger generations: their respect for data privacy and content copyrights is significantly lower than that of previous generations. Their different socialization explains it.

Products are more than their tangible part; they also include an emotional universe. Today this is relevant not only for industrial designers, but especially for the developers of digital content. More and more music, books, videos and software are no longer bought in a physical store, but downloaded directly to a computer, MP3 player, mobile phone, eBook reader or TV. In the past, a detailed user manual or artistic cover was part of the complete package, so the consumer had something in their hands from which to judge the quality and value of the intangible content, such as music, video or software. As this is now missing in many cases, people lose respect for the product, and piracy is often perceived as a faceless crime: nothing gets physically stolen, only additional copies are made.

Gen Y and Z show a similar mentality towards their own information, as they often present their whole life on Instagram, blogs and/or TikTok. This is an ideal source for social engineers or cognitive hackers preparing their attacks.

Because Gen Y and Z put more emphasis on their values than on the applicable law, the Ethics & Compliance department has to use a different strategy to reach these young employees. This cannot consist only of using different media; it also has to include tailor-made content. Data privacy is a relevant topic for the Compliance Officer, as attackers have become smarter and employees’ attitudes to freedom and access to information may differ from what the applicable law defines, although this does not mean that younger generations are unconcerned about the protection of information. IT infrastructure is becoming more sophisticated and, increasingly, the human employee is identified as the weak brick in the firewall. It is no surprise that the known hacker Billy Hoffman wants to break with the typical cliché that hackers are nerds who spend nights staring at source code, surrounded by empty pizza boxes. Contrary to this picture, hacking has less to do with pure computer skills and more with work, as an attack requires a high level of preparation: collecting and analyzing information and creating knowledge from it. This can be done by the hacker personally, but it can also be automated. “Crawling software” can autonomously search for personal data, and the included AI starts to connect such information from different searches, for example a social media profile with company communication and private email groups. In the next step, such an intelligent app can understand how different employees are connected within the organization and its hierarchy.

But this is only one half of the work. To conduct the attack, the hacker has to understand the victim. If the attack is directed at the IT infrastructure, its structures must be known. If it is a cognitive attack, such as phishing, the hacker must be aware of how the human brain works, especially under pressure. Effective cognitive attacks therefore build on human nature: they not only use authority and time pressure, but can also play on curiosity and the inner urge to help people in need.

Once organizations have identified the risk, it is up to them to make their employees smarter about cyber protection, which includes workshops to raise their awareness. As in most companies the workforce is split between digital natives and those who are not, different approaches are required. For younger employees, the focus may be on the importance and protection of data, while for the non-natives, training may focus on how to detect suspicious attacks and how to react.

In the end, the human brain is nothing more than a supercomputer that may be vulnerable to Trojan viruses, which simulate an emergency and so trigger inappropriate behavior. This can include bypassing internal guidelines, for example clicking on unknown attached files, changing bank accounts, or connecting a found USB stick to the company computer. This is relevant today and even more important tomorrow, as customers, companies and providers increasingly interconnect with each other, and cyberattacks not only lead to the loss of information and money, but can even sabotage the business and machinery.
