Originally posted on SecurityWeek
The former CISO of a large intelligence community agency once told me, “The number one challenge in IT Security is the carbon-based life form.” Needless to say, that comment has stuck with me as I read articles daily about hacks with their genesis found in credentials lifted from phishing schemes.
Given that background, I was asked recently if IT security awareness and cynical mistrust in engaging in confidential transactions online were generational. I believe the answer is absolutely. These generational differences affect IT security broadly and software security specifically.
Not to date myself terribly, but I remember the rise of the Automated Teller Machine (ATM). At that time, banking transactions required going through the drive-through or – gasp – parking your car and physically entering the bank. Prosperous banks had an abundance of drive-through lanes, and in busy times such as paydays (no such thing as direct deposit), cars were three to six deep.
When the ATM was unveiled, it was an object of immediate distrust. At first, all you could do was remove cash and people fretted over what to do if the machine provided less money than requested. We were also introduced to the PIN and told to treat our number as a state secret. There were additional physical safety concerns with extracting cash while others hovered around the ATM.
Eventually, the convenience factor wore away cynicism and mistrust. Then the banks upped the stakes by allowing deposits via ATMs, and cynicism and mistrust re-emerged. After all, you were placing your hard-earned check into a machine. Even though you got a receipt, the confidence that the machine would properly process your check was low. However, that mistrust eroded over time.