CSO - The insider threat, the bane of computer security and a topic of worried conversation among CSOs, is undergoing significant change. Over the years, the majority of insider threats have carried out attacks in order to line their pockets, punish their colleagues, spy for the enemy or wreak havoc from within. Today's insider threats may have something much less insidious in mind--multitasking and social networking to get their jobs done.
There's a growing risk within most organizations today that is clearly an insider threat but is also clearly not caused by a disgruntled or disillusioned employee. In fact, the new insider threat is more likely to manifest itself as a gung-ho new employee or contractor. And more often than not, the new insider threat is a recently hired twenty-something. We've coined the term "lifestyle hacker" to refer to this new cadre of insider threats. The lifestyle hacker does not have malicious intent. Nevertheless, the lifestyle hacker is highly successful at skirting various corporate controls put in place to protect security-related websites and critical endpoints. The most interesting and ironic aspect of the lifestyle hacker is that he is motivated by the pursuit of productivity, often the very same motivation driving the implementation of various corporate controls (including but not limited to Web proxies, DLP solutions, firewalls, etc.).
Tightly managed organizations (especially huge financial corporations) often block access to Web 2.0 capabilities in order to "promote productivity of staff." However, this very same staff often desires to utilize Web 2.0 capabilities (including social networking, external IM, Skype, Twitter, etc.) in the name of enhancing personal productivity. And never the twain shall meet!
This conundrum exists as the inherent conflict between those who make the rules and those who break the rules, both of whom are driven by the exact same motivation--being more productive in the work environment. There are two fascinating and problematic aspects of this situation worth mentioning:
1. The population of lifestyle hackers is growing in size and diversity as demographics of new hires shift toward those people who grew up on the Internet.
2. Neither the corporate decision makers who make the rules nor the lifestyle hackers understand the security ramifications of emerging and evolving Web 2.0 capabilities (see McGraw's article "Twitter Security" at www.informit.com/articles/article.aspx?p=1350268).
To get a handle on the growth of the lifestyle hacking problem, consider this: One Wall Street firm we're both very familiar with estimated that 45 percent of all security incidents in the past two years were lifestyle hacks. A quick look at demographics reveals what's going on. The root of the problem is that newly minted staff members being hired today were generally born in the late '80s; their managers and rule-imposers are of the Baby Boom generation (born between 1947 and 1961). Baby Boomers were brought up with television as the dominant household technology, while the Net Generation (as Don Tapscott calls them in Growing Up Digital: The Rise of the Net Generation) was exposed to the Internet as early as they can remember (and some even earlier than that). Television is a mostly passive broadcast medium. By contrast, the Internet promotes widespread collaboration. This difference engenders significant divergence in behavior for the two generations. Baby Boomers focus on a single task when under pressure, while the Net Generation prefers multitasking.
- Meet Business Demands and Drive IT Innovation Your IT organization plays a strategic role in business operations. What new solutions and offerings could you create if you had an agile,...
- British Airways Case Study British Airways increases scalability, reliability, flexibility and performance while building on its IT infrastructure using Red Hat Enterprise Virtualization.
- 3 Keys to Secure BYOD Deployment The new Bring-Your-Own-Device (BYOD) environment presents challenges for IT managers and business leaders. This paper discusses how IT managers can address those challenges,...
- Creating a Video Collaboration Strategy: Four Mistakes Mid-Market Companies Make and How to Avoid Them This Cisco-sponsored whitepaper from AVI-SPL shares key insights from Cisco's and AVI-SPL's teams of video collaboration integration experts gained through hundreds of deployments...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Symantec NetBackup Appliances: Key Factors in Modernizing Backup and Recovery This white paper outlines a structured approach to assessing the advantages and requirements of the PBBA model, and in particular the unique capabilities... All Management White Papers | Webcasts
Computerworld has launched its annual search for outstanding IT leaders who align technology with business goals. Nominate a top IT executive for the 2015 Premier 100 IT Leaders awards now through July 18.