Human error is the most frequent enabler of cybersecurity breaches, creating a weak spot for criminals to exploit. However, some of these errors can be eliminated more easily than others.
Whether clicking on an unsolicited link or failing to safeguard passwords, people are the root cause of many successful attacks. They’re also a large part of the problem when it comes to cyber defence.
People are the frontline
Companies could repel the vast majority of cyber scams by creating a robust digital safety culture within their organisation, which all starts with diversity. For an organisation to protect its business, it must protect its people, and as the workplace becomes more and more diverse, this becomes more of a challenge.
Women are still a minority within cybersecurity teams, for example. But it’s not just gender diversity that’s the issue; how can we expect a cybersecurity team that is homogenous in its composition, its way of thinking and its decision-making to protect an employee base made up of a range of ages, genders, and social, cultural and ethnic backgrounds?
Understanding the workforce
Many of today’s attackers primarily target people, albeit in varying ways.
Attacks are made under varying guises, across a range of channels, with objectives that aren’t always obvious. Some may trick employees into opening unsafe attachments or clicking on malicious links, others may go as far as impersonating banks or financial companies in a bid to trick customers into sharing their personal details or login information.
In order to understand how best to protect against these attacks, we must first try to understand the people that are being attacked, and while there is no set formula, there are a few correlations.
Typically, lower-level workers are more likely to receive phishing emails than those in higher-level roles. Research also suggests that a significant proportion of malware and credential phishing attacks are targeted towards generic email accounts.
In the UK, the employees on the front line of such attacks are far from uniform. Just under half of the workforce is female, while 85.6% of people of working age (16 to 64 years) identify as belonging to White ethnic groups, 8.1% Asian, 3.4% Black, 1.8% of mixed ethnicity and 1.1% from other ethnic groups.
Education levels are another major variable within the workforce. University graduates account for 42% of the UK labour force, with 21% educated to A-Level standard, 20% holding GCSE grades A-C or equivalent and just 17% with no formal qualifications.
With an increasing number of 18-24-year-olds in employment and more people continuing to work into their 70s, the employee age span is widening, and for the first time since the industrial revolution, we have five generations in the workforce.
Safety in diversity
In order to protect end-users and the organisations they work for, cybersecurity teams must be reflective of the wider workforce. Lack of diversity within teams can lead to a narrow-minded approach to threat detection and facilitate poor decision making.
For example, a team that is made up of older, more experienced cybersecurity professionals may assume that the younger, more digitally savvy generation has a clear understanding of common cyber threats – but we know this is not always the case.
A lack of gender diversity can also have far-reaching consequences. Women account for less than a quarter (24%) of the total cybersecurity workforce, meaning that there is a high chance that threats are assessed from a primarily male perspective.
For example, male-orientated teams typically gauge risk differently to those with a more balanced female influence, which can lead to biased approaches in both training and execution. What’s more, processes and decision making can be severely hindered by homogenous teams, whether it’s through a lack of age, gender, ethnic or education diversity.
A recent study of over 200 teams over the course of two years found that the more inclusive teams made better decisions up to 87% of the time. The teams that practised an inclusive decision-making process were also found to make decisions twice as fast, and deliver better results by up to 60%.
Closing the gap
The cybersecurity industry is in the midst of a severe skills shortage, with a shortfall of almost three million skilled workers, and over half (59%) of organisations are reported to be at extreme or moderate risk due to a lack of cybersecurity professionals.
To be in with a chance of closing this gap and mitigating the risk that comes along with it, businesses need to cast their nets far and wide when it comes to recruitment. Instead of making hires to make up numbers, businesses need to take greater consideration when it comes to building their cybersecurity teams to ensure they’re capable of protecting the increasingly diverse workforce from increasingly diverse online threats.