The Next Generation and Cyber Security

By William Beard, Jr on December 2, 2021

(By: William Beard on October 21, 2021)

Executive Summary

According to research recently published by the National Cybersecurity Alliance (NCSA), lack of cybersecurity training and education might be Millennials and Gen Z’s biggest threat to their future.  The research titled “Oh, Behave!” published in late 2021 shows some gaps in the cybersecurity education and training sector that could be the cause of current and future cyber incidents.  There are those that even say that this could be putting us far behind current threats from Russia and China.    

Background

It is no secret that cyber crimes have been on the rise over the past few years, and they are showing no signs of slowing down.  So much of the country’s critical infrastructure is tied into the internet and can be accessed by cyber criminals, because of this Millennials and Gen Z have a new challenge when it comes to defending their future against adversaries.  This is where NCSA comes in with their current research.

The NCSA is an organization dedicated to building “strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves, their organizations, their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity” [5].  Its board of directors is made up of cyber security specialists from private sector companies such as Microsoft, Facebook, Lenovo, Visa, Mastercard, USBank and Wells Fargo, among others.  In “The Annual Cybersecurity Attitudes and Behaviors Report 2021” published by NCSA they take an in depth look at the attitudes and behaviors of two thousand United Sates (US) and United Kingdom (UK) respondents to their survey. 

In the survey NCSA focused on six key areas of cybersecurity [1].

  1. Creating and managing passwords
  2. Applying Multi-Factor Authentication (MFA)
  3. Installing the latest updates
  4. Checking message legitimacy
  5. Recognizing and reporting phishing
  6. Backing up data

From these six key areas NCSA found that “64% of the participants reporting that they didn’t have access to any kind of cybersecurity advice or training. Of those participants with access to cybersecurity training, most made use of it (73%), demonstrating people’s willingness to learn” [1].  What this means is that if provided with proper education and training people would take advantage of it which could help protect our critical infrastructure.

Impact

With the rise in cyber attacks and the lack of education and knowledge in the younger generations, this is leading to a huge gap in the ability of companies and the federal government to defend against these attacks.  The lack of support from the federal government also looks to be causing cyber specialists to resign like the US Air Force and Space Forces former Chief Software Officer Nicolas Chaillan.  Chaillan stated on his LinkedIn page that “I am just tired of continuously chasing support and money to do my job.  My office still has no billet and no funding, this year and the next” [6].  During an interview with the Financial Times Chaillin also stated that “We have no competing fighting chance against China in fifteen to twenty years.  Right now, it’s already a done deal; it is already over in my opinion” [2].

Mitigation

Education and training are by far the biggest mitigation factors that could be improved when it comes to cybersecurity.  Proper funding for the cybersecurity sector for education and training of the future generations would be a step in the right direction.  Having a well-trained work force that can help defend a company’s cyber environment would help protect the US’s critical infrastructure. 

Relevance

The increase in ransomware attacks on critical infrastructure has shown the public just how weak our defenses are and that we need to bolster those defenses.  The problem is that the US might already be behind the curve in education and training.  The Internet of Things (IoT) has increased the need for cybersecurity education and training not only for professionals but also for the everyday IoT user.  If cybersecurity education and training are not funded better and made more of a priority than the US will fall further behind its adversaries in the coming years.

References

[1] https://staysafeonline.org/wp-content/uploads/2021/09/Oh-behave-The-Annual-Cybersecurity-Attitudes-and-Behaviors-Report-2021.pdf

[2] https://www.businessinsider.com/pentagon-official-quit-saying-us-cybersecurity-no-match-china-2021-10

[3] https://www.govinfosecurity.com/cisa-to-access-agencies-endpoints-help-enhance-security-a-17723

[4] https://securityboulevard.com/2021/10/publics-knowledge-of-cybersecurity-best-practices-sorely-lacking/

[5] https://staysafeonline.org/

[6] https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan?trk=public_profile_article_view