Embrace DEI intersectionality for effective cybersecurity

This blog post was authored by Jon Krabacher - Associate Director, Security and Privacy, on Protiviti's technology insights blog.

At a glance

The big picture: The role of a cyber incident responder is more critical than ever as these professionals are tasked with protecting organisations from cyber threats, mitigating risks and minimising the impact of security incidents.

Why it matters: One of the often-overlooked aspects of becoming a better cyber incident responder is the integration of diversity, equity and inclusion (DEI) intersectionality into the responder’s mindset and approach.

The role of a cyber incident responder is more critical than ever as these professionals are tasked with protecting organisations from cyber threats, mitigating risks and minimising the impact of security incidents. As cyber threats continue to proliferate, targeting organisations of all sizes and sectors, it is imperative for cyber incident response (CIR) teams to be well prepared to mitigate threats. One of the often-overlooked aspects of becoming a better cyber incident responder is the integration of diversity, equity and inclusion (DEI) intersectionality into the responder’s mindset and approach. DEI intersectionality can translate to more effective and empathetic cyber incident responders and, as a result, increase the overall effectiveness of any CIR program.

What is DEI intersectionality?

DEI intersectionality is the interconnectedness of various aspects of an individual’s identity, including but not limited to race, gender, sexual orientation, age, disability and socio-economic background. One of the primary benefits of incorporating DEI intersectionality into CIR teams is gaining a broader understanding of diverse perspectives. Cyber threats and security vulnerabilities affect individuals from all walks of life, and their experiences and concerns vary greatly.
A cyber incident responder who recognises the importance of DEI intersectionality is better equipped to appreciate the unique challenges faced by different groups within an organisation or society.

Communication and collaboration

Effective communication and collaboration are crucial components of successful incident response. DEI intersectionality can improve communication by fostering an environment where all team members feel valued and heard. When team members come from diverse backgrounds and bring unique perspectives to the table, they can contribute different insights that lead to more effective CIR strategies. For example, a CIR team with various technical backgrounds (IT infrastructure and networking, threat intelligence, security operations, law enforcement, etc.) can leverage that diversity as cyber incidents overlap into various domains. Furthermore, a diverse team of cyber incident responders can connect with a broader range of stakeholders within an organisation. They can better engage with employees, executives and clients from various backgrounds, making it easier to convey the importance of cybersecurity and compliance measures. This improved communication can lead to stronger relationships and more robust security practices.

Problem solving and bias mitigation

Cyber incidents are multifaceted, often requiring creative and adaptable solutions. A diverse team of responders, each bringing their unique perspectives and skills, can brainstorm innovative solutions more effectively. DEI intersectionality fosters diversity of background, experience and thought, which can significantly enhance a responder’s ability to tackle these challenges. Diverse teams bring a broader range of ideas and approaches to the table, leading to more innovative and effective solutions.

Embracing DEI intersectionality also plays a crucial role in reducing biases in incident response.
Unconscious biases can influence decision-making, leading responders to jump to conclusions, make false assumptions and waste valuable time. A responder who practices mindfulness of their own biases is better equipped to recognise potential biases in their team’s decisions and to make impartial judgments, and ensures a more defensible incident outcome. During a cyber incident, being able to step back and differentiate what are facts (based solely on data), what is an assessment (based on limited data, intelligence and/or experience) and what are feelings (not based on data, intelligence or experience) is imperative for defensible incident response. Encouraging individuals to question assumptions and consider alternative viewpoints is invaluable in cybersecurity, where threat actors constantly adapt and evolve. By embracing a variety of perspectives, responders can better anticipate emerging threats and stay one step ahead of cyber threat actors.

Empathy and resilience

DEI intersectionality can also foster empathy and resilience in cyber incident responders. Understanding the intersectional experiences of others can lead to a greater sense of empathy and compassion, which are essential qualities for dealing with the aftermath of a cyber incident. The ability to adapt and respond effectively to cyber incidents often requires resilience. Cyber incidents can often last weeks, with long working hours, time away from family and friends and meeting people for the first time under the most stressful of circumstances. Cyber incident responders who embrace DEI intersectionality are better prepared to approach incidents with an empathetic mindset, adapting their strategies to address the unique challenges presented by different incidents and impacted groups.

Moving the needle

So where do we go from here? As the cyber threat landscape continues to evolve, incident responders must evolve as well.
Embracing DEI intersectionality is a powerful step toward becoming a more effective cyber incident responder and strengthening the overall team. Here are some actionable steps to integrate DEI intersectionality into a CIR approach:

- Invest in DEI training and education. Understand the unique challenges and experiences each individual brings and foster an atmosphere of empathy and inclusivity so that others feel comfortable sharing their stories.
- Encourage and promote diversity within the incident response team. A diverse team brings a variety of perspectives and skills to the table, enhancing problem-solving capabilities.
- Review and update incident response plans to ensure they are inclusive and considerate of the intersectionality of those affected by cyber incidents.
- Continuously work on recognising and mitigating biases in decision-making processes. Encourage open discussions about bias and assumptions within the team.

Embracing DEI intersectionality has the potential to transform cyber incident responders into more effective, empathetic and inclusive professionals. By understanding the diverse identities and experiences of victims, perpetrators and responders, incident responders can better assess threats, communicate more effectively and develop more inclusive response strategies. Embracing DEI intersectionality is not only a moral imperative but also a strategic advantage in the complex and ever-changing cybersecurity landscape.