Armond Caglar, senior threat specialist at TSC Advantage, agrees that the majority of social media users, who willingly surrender their personally identifiable information (PII), are Millennials. But, he noted, millions in other age groups do so as well.
He said LinkedIn, the career networking site, tends to be used by older workers and is arguably more dangerous than Facebook or Snapchat since, "the biographic, educational and personal data that is volunteered here is way more valuable to a potential adversary than an Instagram shot of a Millennial's brunch on a Sunday morning."
Cagler is also among numerous experts who have pointed out that many corporate executives, "ignore the perils associated with using free Wi-Fi or willfully abandon certain security best practices when traveling internationally."
Andrew Deacon, channel sales engineer EMEA at Hexis Cyber Solutions, also said he thinks the issue is larger than a single demographic group. "It is how technology and social media has changed the rules of society," he said, arguing that online and face-to-face interactions are, "totally different."
Most people would never give a stranger on the street their banking information, even if he promised to put money in their account. But online, "a lot of people would send their bank details."
That, he said, is because, "online, we lack non-verbal communication cues that subconsciously give away a person's true intentions. We have also been told from an early age to be wary of strangers offering you candy."
Online, "most people share all sorts of data and nothing bad happens right? So they think it must be safe."
And Perry Dickau, director of product management at DataGravity, said it is human nature to ignore risks that haven't caused any damage yet.
"Many organizations still choose to be reactive to situations rather than to proactively try to prevent them, and why should they? From their perspective it's a tedious, costly proposition with questionable yield," he said.
Dickau and others say that blaming Millennials is not going to fix the problem it will take an organization-wide effort.
"For data security solutions to actually work, it's extremely important that they don't disrupt user productivity in fact they should promote their freedom. There are technologies out there that can achieve this," Avanessian said.
Dickau said it will take a combination of technology and awareness training. "Fundamentally, data is exposed and vulnerable at the moment it is created, by default creating a requirement to protect and secure it whenever it is stored," he said, adding that while training is also crucial, "it is just another piece in the overall security puzzle.
"Technology will only supplement the human element in any security, privacy, and compliance equation," he said. "The two elements need each other to work successfully one cannot replace the other."
Sign up for CIO Asia eNewsletters.