Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

2/9/2021
01:00 PM
Liviu Arsene
Liviu Arsene
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

How Neurodiversity Can Strengthen Cybersecurity Defense

Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.

The cybersecurity skills shortage and workforce gap continue to be of concern to organizations. As they seek to protect digital assets by finding professionals with the right skills, demand remains higher than supply.

With recent surveys suggesting the cybersecurity workforce gap decreased in 2020 from previous years — from 4 million worldwide in 2019 to 3.1 million in 2020 — 28% of CISOs firmly believe that "serious disruptions" will occur if these roles are not filled. Around 76% of CIOs and CISOs believe the answer to this shortage lies in a more diverse skill set among those tackling cybersecurity tasks. Additionally, a third of infosec professionals agree that neurodiversity will make cybersecurity defenses stronger while also helping to eliminate bias in the industry.

Related Content:

(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity

Special Report: Special Report: Understanding Your Cyber Attackers

New From The Edge: AI and APIs: The A+ Answers to Keeping Data Secure and Private

Defining Diversity and Neurodiversity
Diversity is nature's way of increasing its odds of survival. It's a fact that genetic diversity helps maintain a healthy population and build up resistance to diseases, while allowing it to adapt to change. 

Neurodiversity is considered a natural genetic variation in the population and usually refers to the range of neurological differences in brain functions and behavioral traits, typically associated with social skills, learning ability, and mood. Commonly, individuals that diverge from the dominant societal standards of "normal" neurocognitive functioning are referred to as neurodivergent.

Since first introduced as a concept in the late '90s, neurodiversity has also become a social justice movement that seeks civil rights, equality, respect, and full societal inclusion for the neurodivergent. Regardless of the specific definition, the topic is typically associated with individuals that may be diagnosed with ADHD (attention deficit hyperactivity disorder) or on the autism spectrum and possess exceptional high pattern-recognition abilities, attention to detail, focus, and even outside-the-box thinking.

Diversity, including neurodiversity, in cybersecurity could improve an organizations' overall resilience to cyberattacks. Cybersecurity teams combining professionals with unique skill sets from different educational and social backgrounds, genders, ethnicities, and even with exceptional neurological abilities, can build the right pool of talent to tackle a wide range of cybersecurity challenges.

How Cybercriminals Leverage Diversity and Neurodiversity
Cybercriminals may have long embraced neurodiversity. With no rules on educational background or hiring practices, the cybercriminal community often simply seeks the person who can do the job best. It's likely that most cybercriminal gang members have different social backgrounds, are of different ethnicity or religion and possess differing levels of education, but that doesn't stop them from breaching some of the largest companies or pulling off massive digital heists. 

Consider the cybercriminals diagnosed with Asperger's syndrome who pulled off hacks against the Federal Bureau of Investigation, the US Army, the Missile Defense Agency, and the Federal Reserve. It's safe to speculate that diversity and neurodiversity are no strangers to cybercrime. 

Although there is little to no empirical evidence to suggest the relationship between autistic individuals and cyber-driven crimes, some studies have tried to find a link between cybercrime and gifted individuals. However, due to the nature of the Internet and cybercrime, it is difficult to find and prosecute these criminals, let alone study and assess their cognitive abilities.

Strengthening Cybersecurity Efforts
Four in 10 cybersecurity professionals believe communication remains one of the biggest barriers in the cybersecurity industry. Tech jargon brought into the boardroom can significantly hamper board members' understanding of the security risk their organization faces. This, in turn, can negatively affect security budgets because of the lack of perceived risk. 

Diversity of talent on cybersecurity teams could potentially solve this communication problem. Building teams with different skill sets ranging outside technical qualifications can have a positive impact. 

For example, instead of creating an all-tech team, each with their area of expertise, infosec leaders should consider adding a staff member who's an excellent communicator. He or she could translate technical details and present them in terms non-technical board members can understand, providing clear insight on the organization's security challenges, which in turn could lead to positive outcomes, including improved cybersecurity posture of the organization. Gaining buy-in from board members and achieving cybersecurity objectives is one goal where a non-technical member of a security team can be invaluable.

Incorporating neurodiversity into cybersecurity teams may have additional positive impacts. Employees that are uniquely skilled at finding patterns in seemingly unrelated data or relentlessly pursuing potential signs of data breaches could prove invaluable as part of companies' efforts to detect and respond to threats. While automation currently does most of the heavy lifting in spotting these anomalies, security team members with unique skills and attention to detail may contribute additional insights and correlations that validate findings and even improve tuning of automated systems.

Of course, there's no recipe for success in building diversity and neurodiversity into a cybersecurity team. Motivating people with different skill sets and from across the neurodivergent spectrum may prove challenging, but a growing number of CIOs and CISOs believe neurodiversity in the sector will help combat advanced persistent threats and cyberwarfare.

Striking the balance between using the best security technologies, automation, and people should be a goal for any organization when pursuing a more effective cybersecurity posture.

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27099
PUBLISHED: 2021-03-05
In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improperly normalizes the path provided through the agent ID templating feature, which may allow the issuance of an arbitrary SPIFFE ID within the same trust domain, if the attacker controls the v...
CVE-2021-28038
PUBLISHED: 2021-03-05
An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during m...
CVE-2021-28039
PUBLISHED: 2021-03-05
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFI...
CVE-2021-28040
PUBLISHED: 2021-03-05
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.
CVE-2020-28502
PUBLISHED: 2021-03-05
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.