Finance / Distrust of financial institutions is turning young people from careers in cyber security
Distrust of financial institutions is turning young people from careers in cyber security
25 May 2017
The next time your corporate network gets hacked because of sloppy employee security practices, blame Wells-Fargo. Specifically, blame the perpetrators of Well-Fargo Bank’s massive fake-account scam, because the criminals responsible for that mess have (as a side effect) crippled many young adults’ faith in banking across the board. This has given many young workers a sense of hopeless fatalism which undermines our information security practices.
I think I’ve got some insight into the American young adult zeitgeist. I teach undergraduate university students and recent grads how to find work in the IT sector. I teach citizenship and “personal management” merit badges to boy scouts. I also assess older scouts for their suitability to be awarded the Eagle rank. These activities allow me to listen to the concerns of workers in the 16-25 age bracket. The most startling thing I’ve seen change over the last ten years – since the Great Recession started – is how young people’s trust in critical institutions has corroded.
When I teach scouts how to balance a chequebook, I often encounter resistance. “Why bother?” they ask. “The banks will just take money out of your account. There’s nothing you can do about it.” When I teach jobseekers how to protect sensitive electronic information, I hear resigned sighs. “Why bother?” they ask. “The banks have all our personal information and abuse it to open false accounts that we pay for.” When I ask Eagle Scout candidates how they’re planning to pay off their student loans, they shrug. “Why bother?” they say. “The banks invent fees and rules to ensure that you can never stop paying them.”
I’ve spoken at length with students who have carried this sense of resigned fatalism into all aspects of their daily lives. They don’t balance their bank accounts to look for potential fraud or correct errors. They lazily reuse passwords between accounts. They dispense with anti-malware tools and ignore browser sandboxing. Many don’t even keep their phones updated with the latest security patches. Why? Because they’ve been relentlessly trained by thousands of media reports since they were old enough to pay attention that the banks we’re all required to trust in order to function in society are amoral, predatory, criminal enterprises that routinely violate customers trust with total impunity. So, sure. “Why bother?” indeed.
I suspect that this defeatism is going to have profound negative ramifications for corporate cyber security departments for a very long time. We can’t not hire these kids – they need jobs and we need their affordable labour. The thing is, their “why bother?” attitude predisposes many of these new hires against diligently applying required cyber defence practices to keep our information and infrastructure reasonably secure. They don’t see a reason to waste time trying, so they don’t make an effort – thereby leaving our systems and networks dangerous exposed.
The solution seems to lie in giving them something worth believing in. Establishing and maintaining our young employees’ trust may be the toughest business challenge of the next two decades.