The original version of this post was published on SecurityWeek.
The former CISO of a large intelligence community agency once told me, “The number one challenge in IT Security is the carbon-based life form.” Needless to say, that comment has stuck with me as I read articles daily about hacks with their genesis found in credentials lifted from phishing schemes.
Given that background, I was asked recently if IT security awareness and cynical mistrust in engaging in confidential transactions online were generational. I believe the answer is absolutely. These generational differences affect IT security broadly and software security specifically.
Not to date myself terribly, but I remember the rise of the Automated Teller Machine (ATM). At that time, banking transactions required going through the drive through or – gasp – parking your car and physically entering the bank. Prosperous banks had an abundance of drive-through lanes, and in busy times such as paydays (no such thing as direct deposit), cars were three to six deep.
When the ATM was unveiled, it was an object of immediate distrust. At first, all you could do was remove cash and people fretted over what to do if the machine provided less money than requested. We were also introduced to the PIN and told to treat our number as a state secret. There were additional physical safety concerns with extracting cash while others hovered around the ATM.
Eventually, the convenience factor wore away cynicism and mistrust. Then the banks upped the stakes by allowing deposits via ATM machines, and cynicism and mistrust re-emerged. After all, you were placing your hard-earned check into a machine. Even though you got a receipt, the confidence that the machine would properly process your check was low. However, that mistrust eroded over time.
Jim Ivers is the senior director of marketing within Synopsys' Software Integrity Group where he leads all aspects of SIG's global marketing strategies, branding initiatives, and programs, as well as product management and product marketing. Jim is a 30-year technology veteran who has spent the last ten years in IT security. Prior to Synopsys, Jim was the CMO at companies such as Cigital, Covata, Triumfant, Vovici, and Cybertrust, a $200M security solutions provider that was sold to Verizon Business. Jim also served as VP of Marketing for webMethods and VP of Product Management for Information Builders.