An interesting article was published this week in the tech news site Dark Reading, contributed by Connectwise Threat Researcher Bryson Medlock, that examines the relationship between being swindled by a phishing attack and age. One might expect it to be common knowledge that tech users who are aging will be more prone to phishing. After all, computers were not a major factor of life for the oldest portion of the working population; those entering the workforce for the first time now have been surrounded by computers—for better or worse—their entire lives.
Be careful with assumptions! Based on the author’s findings, older age does not appear to correlate with likelihood of falling for a phishing attack.
The piece divides tech users into populations based on generations: Baby Boomers (born 1946-1964), Gen X (born 1965-1980), Millenials (born 1981-1996), and Gen Z (also called Zoomers, born 1997-2012).
I encourage you to read the article in full, but there are two key portions that I find very interesting. The first is in regards to likelihood that an employee will follow the IT standards as developed by his/her business or organization:
[A] 2018 Ponemon Institute report reveals that 90% of workers over 45 said they follow their company’s cybersecurity policy. In sharp contrast, 34% of zoomers said they don’t know or understand their company’s cybersecurity policies. Additionally, a 2019 study done by Santander found that 82% of people under 30 have fallen for online purchase scams, while that number dropped to only 57% for those over 30.
The author contributes this trend to older generations being a bit more suspicious and untrusting of technology while younger generations are more trusting and, as a result, more reckless and complacent.
Another study by Atlas VPN found that 23% of zoomers and millennials have fallen for a phishing attack, while only 19% of Gen Xers and 9% of baby boomers have done the same. Even more concerning, 52% of zoomers and millennials have had a password stolen, which is true for only 37% of Gen Xers and 12% of baby boomers.
There are two primary questions from this second set of statistics that come to mind (and are likely included in the full study, which I admittedly have not read). The first concerns the overall samples: were equal numbers of each age group included? Since the conduct of a fair survey would require this, I tend to believe that, most likely, age groups were represented equally. The second, however, is a bit harder to determine without the study examining each incident in-depth: Do the researchers know whether each incident of a phishing attack is accounted for? It might be a fair conclusion that folks less familiar with technology may also be less aware of a privacy breach.
Despite these questions, I believe these studies show that phishing attacks are a problem for all ages and the importance of company cybersecurity staff training is paramount. We’ve examined in past blogs how rampant attacks are, and that the frequency is increasing day after day.
Luckily, our partners at KnowBe4 have offered resources to help. Get your KnowBe4 Cybersecurity Awareness Month resource kit before it’s too late! Additionally, the Federal Trade Commission has offered guidelines for helping to protect small business. The National Cybersecurity Alliance hosts StaySafeOnline, a site dedicated to cybersecurity. The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency hosts resources celebrating Cybersecurity Awareness Month.
If it seems like too much, don’t despair. You’re among thousands of other small business owners, stakeholders, and employees that need a little help in fortifying their business or organization’s cyberdefenses. Waiting until it’s too late is no longer an option…GET IN TOUCH or give us a call today!