Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

01:00 PM
Liviu Arsene
Liviu Arsene
Connect Directly
E-Mail vvv

How Neurodiversity Can Strengthen Cybersecurity Defense

Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.

The cybersecurity skills shortage and workforce gap continue to be of concern to organizations. As they seek to protect digital assets by finding professionals with the right skills, demand remains higher than supply.

With recent surveys suggesting the cybersecurity workforce gap decreased in 2020 from previous years — from 4 million worldwide in 2019 to 3.1 million in 2020 — 28% of CISOs firmly believe that "serious disruptions" will occur if these roles are not filled. Around 76% of CIOs and CISOs believe the answer to this shortage lies in a more diverse skill set among those tackling cybersecurity tasks. Additionally, a third of infosec professionals agree that neurodiversity will make cybersecurity defenses stronger while also helping to eliminate bias in the industry.

Related Content:

(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity

Special Report: Special Report: Understanding Your Cyber Attackers

New From The Edge: AI and APIs: The A+ Answers to Keeping Data Secure and Private

Defining Diversity and Neurodiversity
Diversity is nature's way of increasing its odds of survival. It's a fact that genetic diversity helps maintain a healthy population and build up resistance to diseases, while allowing it to adapt to change. 

Neurodiversity is considered a natural genetic variation in the population and usually refers to the range of neurological differences in brain functions and behavioral traits, typically associated with social skills, learning ability, and mood. Commonly, individuals that diverge from the dominant societal standards of "normal" neurocognitive functioning are referred to as neurodivergent.

Since first introduced as a concept in the late '90s, neurodiversity has also become a social justice movement that seeks civil rights, equality, respect, and full societal inclusion for the neurodivergent. Regardless of the specific definition, the topic is typically associated with individuals that may be diagnosed with ADHD (attention deficit hyperactivity disorder) or on the autism spectrum and possess exceptional high pattern-recognition abilities, attention to detail, focus, and even outside-the-box thinking.

Diversity, including neurodiversity, in cybersecurity could improve an organizations' overall resilience to cyberattacks. Cybersecurity teams combining professionals with unique skill sets from different educational and social backgrounds, genders, ethnicities, and even with exceptional neurological abilities, can build the right pool of talent to tackle a wide range of cybersecurity challenges.

How Cybercriminals Leverage Diversity and Neurodiversity
Cybercriminals may have long embraced neurodiversity. With no rules on educational background or hiring practices, the cybercriminal community often simply seeks the person who can do the job best. It's likely that most cybercriminal gang members have different social backgrounds, are of different ethnicity or religion and possess differing levels of education, but that doesn't stop them from breaching some of the largest companies or pulling off massive digital heists. 

Consider the cybercriminals diagnosed with Asperger's syndrome who pulled off hacks against the Federal Bureau of Investigation, the US Army, the Missile Defense Agency, and the Federal Reserve. It's safe to speculate that diversity and neurodiversity are no strangers to cybercrime. 

Although there is little to no empirical evidence to suggest the relationship between autistic individuals and cyber-driven crimes, some studies have tried to find a link between cybercrime and gifted individuals. However, due to the nature of the Internet and cybercrime, it is difficult to find and prosecute these criminals, let alone study and assess their cognitive abilities.

Strengthening Cybersecurity Efforts
Four in 10 cybersecurity professionals believe communication remains one of the biggest barriers in the cybersecurity industry. Tech jargon brought into the boardroom can significantly hamper board members' understanding of the security risk their organization faces. This, in turn, can negatively affect security budgets because of the lack of perceived risk. 

Diversity of talent on cybersecurity teams could potentially solve this communication problem. Building teams with different skill sets ranging outside technical qualifications can have a positive impact. 

For example, instead of creating an all-tech team, each with their area of expertise, infosec leaders should consider adding a staff member who's an excellent communicator. He or she could translate technical details and present them in terms non-technical board members can understand, providing clear insight on the organization's security challenges, which in turn could lead to positive outcomes, including improved cybersecurity posture of the organization. Gaining buy-in from board members and achieving cybersecurity objectives is one goal where a non-technical member of a security team can be invaluable.

Incorporating neurodiversity into cybersecurity teams may have additional positive impacts. Employees that are uniquely skilled at finding patterns in seemingly unrelated data or relentlessly pursuing potential signs of data breaches could prove invaluable as part of companies' efforts to detect and respond to threats. While automation currently does most of the heavy lifting in spotting these anomalies, security team members with unique skills and attention to detail may contribute additional insights and correlations that validate findings and even improve tuning of automated systems.

Of course, there's no recipe for success in building diversity and neurodiversity into a cybersecurity team. Motivating people with different skill sets and from across the neurodivergent spectrum may prove challenging, but a growing number of CIOs and CISOs believe neurodiversity in the sector will help combat advanced persistent threats and cyberwarfare.

Striking the balance between using the best security technologies, automation, and people should be a goal for any organization when pursuing a more effective cybersecurity posture.

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-25
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
PUBLISHED: 2021-02-25
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
PUBLISHED: 2021-02-25
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
PUBLISHED: 2021-02-25
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.