​Securing the Riskiest Generation: The Millennials

By Dan Ross, CEO, Promisec

The Millennial generation is now the largest cohort in the working population, and most of them are digital natives—they’ve never known a world without laptops, mobile devices, and telecommuting options.

A recent BI Intelligence report claims that in five years, mobile workers will make up 72% of the total US workforce. In 2013, Gartner predicted that by next year, half of global enterprises will require employees to bring their own devices.

As this trend continues, CSOs and CISOs face significant challenges as mobile workers roam around with their laptops in the land of a thousand unsecured Wi-Fi connections, wondering when malware, ransomware, or social engineering fraudsters may strike. The trick is to balance security with the many benefits of innovation, collaboration, and productivity without depriving our workforce of the wide-ranging benefits of mobility.

The traditional boundaries between workplace and every other place simply don’t exist for them—they work, play, communicate and multitask from their personal devices at all hours, using their preferred apps and cloud services to get it all done.

Clearly, we’ve moved (or been pushed) well beyond the debate over allowing BYOD, or the cultural implications of an increasingly mobile workforce, and are now addressing the resulting challenges. This is reflected in the rapid growth of the EMM market, which 451 Research predicts will surge to $9.6 billion worldwide by 2018. The prevalence, potency, and sophistication of global cybercrime show no signs of abating, and the threat surface increases as homeworking and mobility become more widespread. It’s important for companies and IT leaders to examine and fully comprehend the implications of the significant cultural and technological shifts that brought us here. Security solutions that don’t match the way we now work, live, and communicate will fail.

More options lead to more vulnerability

Mobile endpoint management is important for every organization, not just large global enterprises. The growing popularity of telecommuting (a quarter of employed workers), the mushrooming adoption of cloud infrastructure and services, and the ubiquity of mobile devices, apps, and wi-fi connections together create an unstoppable force that continually reshapes how we do business.

Myriad opportunities for creativity, flexibility, and efficiency have been enabled by the digitization of everything, but vulnerabilities and security gaps have proliferated apace. Easy, affordable access to mobile devices, cloud services, and apps means more to patch, configure, and monitor. Virtualization and mobility blur the network perimeter, undermining traditional security approaches. Social engineering schemes subvert security solutions by weaponizing human gullibility. Likewise, human error and poor cyber hygiene makes relying on password protection akin to gambling.

Data fuels and is generated by nearly every business process, creating huge, lucrative targets for hackers. Massive, damaging data breaches have prompted an increase in regulation, and the current focus on compliance has shifted attention away from other vulnerabilities. Ransomware attacks are on the rise (see Cisco’s midyear report for critical updates), with criminals finding ways to maximize pain and profit, including creative uses of spear phishing, blackmail, DDoS, malware delivery mechanisms, and highly sensitive targets. The cybercriminals’ focus on data exploits makes it all the more imperative to protect corporate data assets—inside the network, on mobile devices, and everywhere in between.

Securing a moving, multiplying digital workforce

To address the complex of vulnerabilities introduced by mobile endpoints and mobile data, increased visibility is paramount. We need to know how many laptops there are, where they are, what’s running on them, and how they are configured and secured. They have to be monitored for unauthorized or vulnerable applications, security agent validation, and indicators of compromise. In other words, we have to (once again) get back to basic security practices, but at the scale and complexity of distributed endpoints—in other words, protecting highly exposed, moving targets. Without a comprehensive yet unobtrusive mobile workforce solution, even the most fundamental security measures are nearly impossible to validate and enforce.

To mitigate and prevent damage from cyber attacks and human error, we have to enable visibility before, during, and after an attack. Agentless solutions represent an important advance in endpoint management; being able to inventory, scan, and remediate every device on the network without installing agents on each machine has made essential security functions, including patching and monitoring, much more accessible for all types of businesses. However, as the bright lines between on-premise and cloud, internal and external networks, work and personal devices continue to blur, we need a solution that goes with our mobile workers, however unpredictable and risky their digital journey may be.

Hybrid solutions that rely on a complementary combination of agentless capabilities and agent-based control features are the best match for the challenges of the mobile workforce. The information continuously collected from agentless inspection engines and deployed agents can be combined into a single holistic view of risk, vulnerability, and compliance. The scheduling of predefined inspections—including CVE scans and assessments, unauthorized app discovery, Windows patch validation, and agent validation—can be customized to the desired frequency and timing. User-defined inspections allow companies to check endpoints for risks particular to their business or compliance program. The latest patches for high-risk apps like web browsers and plug-ins can be automatically deployed, markedly limiting attackers’ window of opportunity to exploit known vulnerabilities.

For IT teams on the moving battleground of network and data security, the heightened situational awareness provided by a hybrid endpoint management solution is indispensable. Instead of rushing to put out raging fires, they can instantly survey the integrity of the IT landscape, proactively identify and close gaps, and continually enforce security policy. Being able to do all this without disrupting the productivity or flexibility of mobile workers helps maintain a healthy balance between opportunity and risk, a central challenge for every modern enterprise.

About the Author

With more than 30 years of successful entrepreneurial leadership and management experience, Dan Ross is responsible for strategic direction and day-to-day global management at Promisec. Promisec is a pioneer in endpoint visibility and remediation, empowering organizations to avoid threats and disarm attacks that can lead to unwanted headlines and penalties. Its technology assures users that their endpoints are secure, audits are clean, regulations are met, and vulnerabilities are addressed proactively.

Join the CSO newsletter!

Error: Please check your email address.

Tags LinuxCloudFlareWordpressdrupalcyber securityJetspeedAnonymousDDoS attacksProtonMailcmsAirOSGartnerISPsSSHBitcoinMagentoAmarda Collective

More about CiscoGartner

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dan Ross

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place