Millennials in the Machine

The Growing Cultural Impact of Millennials in the Federal Workforce 

by Michael Crouse, Sr. Director Business Solutions, Data & Insider Threat Security Business

How can federal agencies allow millennial workers access to their devices and social media, but also ensure that they have the security in place so that millennials can’t abuse these services?

Today, many federal agencies are simply not prepared for the ongoing influx of millennials into their workforce. Existing processes, procedures, and organizational structures limit the abilities of many federal agencies to collaborate and meet these emerging cyber and insider threats. Stove pipes remain within the federal government and processes have been very regimented, lacking the creativity and flexibility to adapt to a new world.

And of course, agencies used to assume that when a worker signs an NDA, the individual would abide by all the rules and processes despite the inconvenience to their personal lives. Employees would never think about violating the NDA or discussing internal politics outside the organization; discussing how their people interacted with data and systems would be a taboo subject.

But millennials have different expectations than their predecessors and are less willing to accept limitations for accessing their smartphones, the Internet and their social media such as Facebook, Instagram, Snapchat and others, in federal agencies. At the same time, the federal government is experiencing a talent deficit and needs to attract top notch expertise to secure the most sensitive networks and protect against inadvertent or malicious data theft.

Therein lies the challenge.  Many practitioners attempt to secure or block the use of new or popular technologies in the workplace with more technology. But technological solutions on their own can’t solve a problem with human behavior at its core. By thinking about how humans interact with technology and data – what we refer to as the ‘human point’ in security - we stop the endless pursuit of attacker-controlled inputs and instead focus on understanding the motives, intents, feelings, and actions of those closest to our data: users. Only by first understanding the problem from this perspective can the technologies that might address it be implemented appropriately.

Despite numerous presidential executive orders, memorandums and directives, there remains a hole in many agencies’ overall cyber plan to include processes, procedures and technologies to address the rising problem associated with insider threat breaches. Many agencies tell themselves that they have this covered with their traditional cyber security tools. But relying on old school processes and technology is not an effective strategy to provide enterprise visibility on how employees are interacting with sensitive data and networks.

The focus must be on the cultural changes regarding millennials’ security awareness. Agencies must be willing to change the status quo and adopt technologies that truly get to the heart of many security problems – user behavior.

The right solution should be human-centric, not technology-centric. Combining technologies such as endpoint monitoring with user behavior analytics provides a unique and powerful capability for federal agency cybersecurity teams to proactively reduce the risk of insider threat data breaches by protecting the human point of contact, where data is most valuable – and vulnerable.

In my next blog, I’ll talk about how federal agencies can close the technical and knowledge gap to get enterprise visibility of the workforce.

Hear more from Michael about the Millennial impact on insider threats at Forcepoint's Cybersecurity Leadership Forum Tuesday April 11th in Reston, VA.