By Joep Gommers, Founder and CEO at EclecticIQ
The weak link in the cybersecurity chain is usually a human one, with human error the most frequent enabler of cybersecurity breaches. Whether it’s clicking on an unsolicited link or failing to properly safeguard passwords, simple slip-ups can have major consequences later down the line. While some of these errors are easier to fix than others, one way businesses can help to protect themselves against attacks is to diversify their cybersecurity team. To give themselves the best chance against attacks, organisations need to create a robust culture of digital safety, which all starts with diversity.
How can we expect a cybersecurity team that is homogeneous in its composition, in its mindset and decision-making, to protect an employee base of varying ages, genders, and social, ethnic and cultural backgrounds?
Eyes on the target: the workforce
While the majority of today’s cyber-attackers target people, the ways in which they do so can vary greatly. Attacks take place in varying guises, across different channels, with objectives that aren’t always immediately obvious. Some may attempt to trick employees into clicking on malicious links or opening unsafe attachments, whereas others may be more elaborate, impersonating banks or financial companies in an effort to persuade people to share their personal details or login information. To understand how to put up the best defence against these attacks, we must first try to understand the people that are targeted.
While there are no set criteria, there are a few correlations. than those in higher-level roles, for example. Research also found that a large proportion of malware and credential phishing attacks were .
The UK workforce is a mixed bag in terms of gender and ethnicity, with , while 85.6% of people of working age (16 to 64 years) identify as belonging to White ethnic groups, 8.1% Asian, 3.4% Black, 1.8% of mixed ethnicity and 1.1% from other ethnic groups.
Education levels are another major variable within the workforce. University graduates account for , with 21% educated to A-Level standard, one fifth (20%) holding GCSE grades A-C or equivalent and just 17% with no formal qualifications. As an increasing number of 18-24 year olds enter into employment and more people continue to work for longer, sometimes into their 70s, the employee age span is widening, and for the first time since the industrial revolution, we have .
A diverse workforce is a safe one
To protect end-users and the companies they work for, cybersecurity teams must reflect the wider workforce. A lack of diversity within teams can result in narrow-minded thinking and a blinkered approach to threat detection, resulting in poor decision making. A team that is made up of older, more experienced cybersecurity professionals, for example, may make the assumption that the younger, more digitally savvy generation has a clear understanding of common cyber threats, but we know this is not necessarily always true.
Lack of gender diversity is still an issue in many cases, with women accounting for less than a quarter This aspect needs to be considered, too, as it could mean that threats are assessed from a largely male perspective. Majority-male teams typically gauge risk in a different way to those with a more balanced female influence, which can lead to biased approaches in both training and execution.
Homogeneous teams can also be a significant hindrance to processes and decision making, whether it’s through a lack of age, gender, educational or ethnic diversity. A recent study of over 200 teams over the course of two years found that the more inclusive teams made . The teams that practiced an inclusive decision-making process were also found to make decisions twice as fast, and deliver better results by up to 60%.
Bridging the diversity gap
It’s unsurprising that the cybersecurity industry is in the middle of a significant skills shortage, with a shortfall of – with almost two thirds (59%) of organisations reported to be at an extreme or moderate risk due to a lack of cybersecurity professionals. To be in with a chance of bridging this gap and mitigating the risk that comes along with it, businesses need to broaden their horizons when it comes to recruitment.
Instead of recruiting to make up the numbers, businesses need to take greater consideration when it comes to hiring their cybersecurity teams to ensure they’re capable of protecting the increasingly diverse workforce from increasingly diverse online threats.