July 2, 2015 By Diana Kelley 3 min read

In the third and final part of our interview series with Kelley Misata, we discuss millennials and their views on cybersecurity and risk communications, among other topics. Misata, a Ph.D. candidate at Purdue University, previously chatted with Security Intelligence about issues relating to privacy and risk communications as well as information security in the first and second installments.

Question: At Emerson College, you’re teaching students about surveillance, privacy and risk communications. Do you think there are fundamental differences between how Gen Xers and millennials view privacy and cybersecurity? How will that impact the security landscape in the next decade?

Answer: My time teaching at Emerson has been amazing, and I’ve been very fortunate to have students in my classes who are engaged and curious about these topics. There are some differences between how Gen Xers and millennials view privacy and cybersecurity that are very different from those of us who remember life before the Internet and smartphones.

Actually I would have to say there is a chasm more than just differences. Their lives are out there 200 percent online and in ways that many of them never give a second thought to because they haven’t had a need to think about it. Even with the news about widespread surveillance in our country, many of these students saw that as something that didn’t relate to their daily lives. Until we discussed it.

One exercise I had them do was, in one 24-hour period, count how many surveillance tools and technologies they came across; it was interesting to see them focus on the cameras they see around them but never considering the tracking being done online through online browsing, GPS locations, postings, etc. What was also interesting, and how I feel this is going to impact the future of the security landscape, is that often people just see things from one side. The beauty of conversations and learning is to help people see even controversial and scary things from two sides.

My students and I walked through several examples of how surveillance is used for the power of good as well as the power of evil. We discussed how technology is morally neutral, and at the end of the day, its impacts are about the people using it, about the people we trust with our information and about how we are showing up in the online space. If we persist in encouraging users to have narrow and somewhat naïve views of cybersecurity, then how can things move forward in a positive direction?

Any advice on what companies can do now to leverage and improve their privacy and risk communications practices from the lessons you’ve learned working with crisis centers and crisis management?

First, I encourage organizations to break down the silos between IT groups, security groups, marketing, communications, human resources and others. Though no one should expect to be an expert in all the fields, broadening the view and helping to drive more interdisciplinary conversations is essential in any environment. Everyone has something to bring to these conversations.

Second, though I know it’s frustrating for IT and security professionals to discuss technical concepts at an elementary level, bring in people like me who don’t mind doing that. We have to help more people understand how important security and privacy is today and into the future. Last, there are some exciting new approaches to crisis communications and management. The more we live in the digital realm, the more challenging this gets, but it’s not impossible to manage if you prepare.

I suppose the big message here is let’s not wait for something bad to happen to prepare. I learned a long time ago that you never know what is lurking out there, but thinking about it every day will drive you crazy. So we don’t have to sit in the land of paranoia every day, but raising the level of understanding and awareness in any organization can have huge payoffs.

Hear more from Kelley Misata in this exclusive podcast interview

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today