Wednesday 3rd March 2021
BLOG: Why Diversity Is Crucial For Threat Intelligence Teams
Workplace diversity is often supported for ethical or moral reasons and there are also a number of studies which have confirm that diverse teams perform better. Companies who have women in their leadership teams perform better than companies that don’t, often by significant margins. Greater diversity in our cybersecurity teams can also help us protect the increasingly broad range of employees that make up the workforce. If we want to protect our organisations, we must protect our people, and as the workplace grows ever-more diverse, that becomes more of a challenge. As the threats we face become more diverse alongside so too must the teams we put in place to defend against them.
Cybersecurity teams must be representative and reflective of the world and the wider workforce. The inability to create and build diverse teams can lead to a limited approach to threat detection, produce hazardous assumptions in end-user understanding and enable inadequate judgment making. Diversity within teams welcomes various outlooks on situations and circumstances that may require a wider view.
The case for diversity
There are countless examples of mistakes made in business, due to a lack of diversity within the team. Women are 73% more likely to be injured in a car accident than a man even when allowing for all other controllable factors. Researches attribute this to a lack of female participation in safety tests and a lack of a suitable female crash test dummy. Excluding women from teams makes us all less safe. Women shop online and work for our businesses. Communicating cybersecurity to women is just as important as communicating it to men and it’s important that our teams are able to communicate effectively. Having a diverse cybersecurity team can help with that.
A recent study of over 200 teams across two years found the more inclusive to make better decisions up to 87% of the time. Research in 2019 found that women account for just 24% of the total cybersecurity workforce. Not least because male-oriented teams are known to gauge risk differently to those with a greater female influence, potentially leading to gaps in cybersecurity training.
Representation is vital in cybersecurity, both for teams to match the diversity of those carrying out cyber-attacks as we are past the days of ‘generic’ and ‘traditional’ threat actors, the cyber-sphere is constantly changing and it is important to match that change, but also to embody the groups they are protecting and defending. A previous diversity concern was the lack of diversity can lead to gaps in cybersecurity training due to assumptions in end-user knowledge. Having a range of ages in a team additionally results in a valuable variety of skill sets. For example, cyber professionals with long-term exposure may have greater experience with malware, whereas younger team members may be more educated about modern threats, however with rising numbers of 18- to 24-year-olds in employment and the number of over-70s in the workforce more than doubling in the last decade, the UK’s employees span an increasingly wide age range, it seems that the age diversity concern is slowly decreasing but this still leaves a long list of underrepresented groups such as gender diversity.
We often assume that Black Hat Hackers are men; an image that is reinforced when we use certain images to portray cybersecurity. While there are less notorious women Black Hats, they do exist. If we are trying to predict the actions of a diverse group of people, it’s important that we have an equally diverse group analysing their actions.
Diversity of thought as well as gender
Diversity within threat intelligence teams is not just about gender. While gender is an important factor, it is important that we have diverse thought and perspective in our analytical teams. When considering how the cybersecurity industry is composed, we find that 32% are between the ages of 24 and 35, at least 77% have an associates degree level of education. While Covid-19 may change the locality of the workforce, it is typical for threat intelligence analysts to live near major cities. Where teams are made up of people from a similar demographic, the potential for diverse thinking is reduced.
How we think
A degree level education, teaches individuals how to think critically and how to conduct analysis suitable for academia. These are useful skills but not all threat actors will have had that education or will think in the same way. Without diversity of thought within the team, analysts may overlook patterns that do not fit with the way of thinking they are used to. Individuals are often taught to look for patterns, or to be aware of international politics that may give rise to new risks. It is possible to create patterns and causes that do not exist in reality and introducing diverse perspectives can help teams to consider alternative options.
Cyber threat intelligence teams will spend their time investigating and reporting on global threat actors. It is part of the role to consider the motivations of these groups but it is equally important to recognise their motivations may be different to what we would consider to be rational. Individuals from different cultures may be motivated differently to us. Considering their rationale is important for trying to predict their actions and this can be challenging if your threat intelligence team is made up of individuals with one perspective.
Why language skills are important
Language skills and building a team of diverse nationalities can help cyber threat intelligence teams become stronger. The threats that organisations face are international and being able to understand the language that threat actors use, including the nuances that come with being a native speaker, can provide better analysis. Native speakers may also be able to identify cultural references specific to that country. One such example is the Snowglobe malware, also known as Babar. The Babar reference allowed investigators to attribute this to the French intelligence service as Babar is a popular French television show.
Not only is it important to build a team with diverse perspectives but it is important to continue to introduce new perspectives to the team. As individuals gain more experience, their confidence grows. That experience allows them to draw conclusions more quickly but can also lead them to overlook insights that do not fit with their chosen narrative. Experienced individuals can become resistant to challenge from newer or less experienced team members. Continuing to introduce new perspectives and encourage challenge within the team can help avoid this issue.
When developing a better understanding of a threat actor or group, being able to see the threat through the lens of a cybersecurity expert (tactics, techniques, and procedures), a traditional intelligence or law enforcement analyst (motives and likely next steps), and a data scientist (big data trends) will often result in a wholistic picture that is lost when teams only see problems from any one of these points of view.
The way forward
Previous research found that women made up only 11% of the world’s information security workforce, and just 1% of its leadership but, we are now seeing that women are now being promoted to executive cybersecurity positions more than ever before, this shows that gender diversity may soon be a worry of the past or at least the idea that many are more open to the idea of women being integrating within the cybersecurity sector. This change may be promoted by the necessity of unfilled job positions, but it is a positive trend that will hopefully continue.
The war for talent in cybersecurity is undeniable. Finding candidates with the right skill set can be difficult, it can be even more difficult when the factor of gender inequality is included. There are many options available to analyse your documents to see if they are equally appealing to men and women and considering how much of your job description is a must-have and how much is nice to have. There are many job descriptions that are unachievable wish lists and there is research to support claims that this makes women less likely to apply.
Diversity should not be a means of “making up the numbers” or “appearing inclusive”, it should be authentic. To have any chance of closing this gender gap, we need to cast our net far and wide. Not just to make up the numbers but to build teams capable of protecting the increasingly diverse workforce from increasingly diverse threats. Lack of diversity in the industry has far-reaching consequences that could put the organizations we strive to protect at risk.
Anita Bielicka, Cyber Threat Intelligence Researcher at Orpheus Cyber gave a presentation during CTIPs Conference discussing the importance of diversity in analytical teams, to view click here
Get our latest cyber intelligence insights straight into your inbox
Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.