Subscribe

Millennials in the machine

The growing cultural impact of millennials in the federal workforce, by Michael Crouse, Sr Director Business Solutions, Data & Insider Threat Security Business.


Johannesburg, 23 Mar 2017

How can federal agencies allow millennial workers access to their devices and social media, but also ensure they have the security in place so that millennials can't abuse these services?

Today, many federal agencies are simply not prepared for the ongoing influx of millennials into their workforce, says Michael Crouse, Sr Director Business Solutions, Data & Insider Threat Security Business at Forcepoint.

Existing processes, procedures, and organisational structures limit the abilities of many federal agencies to collaborate and meet these emerging cyber and insider threats. Stove pipes remain within the federal government and processes have been very regimented, lacking the creativity and flexibility to adapt to a new world.

And, of course, agencies used to assume that when a worker signs an NDA, the individual would abide by all the rules and processes, despite the inconvenience to their personal lives. Employees would never think about violating the NDA or discussing internal politics outside the organisation; discussing how their people interacted with data and systems would be a taboo subject.

But, millennials have different expectations than their predecessors and are less willing to accept limitations for accessing their smartphones, the Internet and their social media such as Facebook, Instagram, Snapchat and others, in federal agencies. At the same time, the federal government is experiencing a talent deficit and needs to attract top-notch expertise to secure the most sensitive networks and protect against inadvertent or malicious data theft.

Therein lies the challenge. Many practitioners attempt to secure or block the use of new or popular technologies in the workplace with more technology. But technological solutions on their own can't solve a problem with human behaviour at its core. By thinking about how humans interact with technology and data - what we refer to as the 'human point' in security - we stop the endless pursuit of attacker-controlled inputs and instead focus on understanding the motives, intents, feelings, and actions of those closest to our data: users. Only by first understanding the problem from this perspective can the technologies that might address it be implemented appropriately.

Despite numerous presidential executive orders, memorandums and directives, there remains a hole in many agencies' overall cyber plan to include processes, procedures and technologies to address the rising problem associated with insider threat breaches. Many agencies tell themselves they have this covered with their traditional cyber security tools. But, relying on old school processes and technology is not an effective strategy to provide enterprise visibility on how employees are interacting with sensitive data and networks.

The focus must be on the cultural changes regarding millennials' security awareness. Agencies must be willing to change the status quo and adopt technologies that truly get to the heart of many security problems - user behaviour.

The right solution should be human-centric, not technology-centric. Combining technologies such as endpoint monitoring with user behaviour analytics provides a unique and powerful capability for federal agency cyber security teams to proactively reduce the risk of insider threat data breaches by protecting the human point of contact, where data is most valuable - and vulnerable.

In my next blog, I'll talk about how federal agencies can close the technical and knowledge gap to get enterprise visibility of the workforce.

Hear more from Michael Crouse about the millennial impact on insider threats at Forcepoint's Cybersecurity.

Share

Editorial contacts