Embrace DEI intersectionality for effective cybersecurity

This blog post was authored by Jon Krabacher - Associate Director, Security and Privacy on Protiviti's technology insights blog.

At a glance

The big picture: The role of a cyber incident responder is more critical than ever as these professionals are tasked with protecting organisations from cyber threats, mitigating risks and minimising the impact of security incidents.

Why it matters: One of the often-overlooked aspects of becoming a better cyber incident responder is the integration of diversity, equity and inclusion (DEI) intersectionality into the responder’s mindset and approach.

The role of a cyber incident responder is more critical than ever as these professionals are tasked with protecting organisations from cyber threats, mitigating risks and minimising the impact of security incidents. As cyber threats continue to proliferate, targeting organisations of all sizes and sectors, it is imperative for cyber incident response (CIR) teams to be well prepared at mitigating threats. One of the often-overlooked aspects of becoming a better cyber incident responder is the integration of diversity, equity and inclusion (DEI) intersectionality into the responder’s mindset and approach. DEI intersectionality can translate to more effective and empathetic cyber incident responders and, as a result, increase the overall effectiveness of any CIR program.

Topics

Cybersecurity and Privacy

What is DEI intersectionality?

DEI intersectionality is the interconnectedness of various aspects of an individual’s identity, including but not limited to race, gender, sexual orientation, age, disability and socio-economic background. One of the primary benefits of incorporating DEI intersectionality into CIR teams is gaining a broader understanding of diverse perspectives. Cyber threats and security vulnerabilities affect individuals from all walks of life, and their experiences and concerns vary greatly. A cyber incident responder who recognises the importance of DEI intersectionality is better equipped to appreciate the unique challenges faced by different groups within an organisation or society.

Communication and collaboration

Effective communication and collaboration are crucial components of successful incident response. DEI intersectionality can improve communication by fostering an environment where all team members feel valued and heard. When team members come from diverse backgrounds and bring unique perspectives to the table, they can contribute different insights that lead to more effective CIR strategies. For example, a CIR team with various technical backgrounds (IT infrastructure and networking, threat intelligence, security operations, law enforcement, etc.) can leverage that diversity as cyber incidents overlap into various domains. Furthermore, a diverse team of cyber incident responders can connect with a broader range of stakeholders within an organisation. They can better engage with employees, executives and clients from various backgrounds, making it easier to convey the importance of cybersecurity and compliance measures. This improved communication can lead to stronger relationships and more robust security practices.

Problem solving and bias mitigation

Cyber incidents are multifaceted, often requiring creative and adaptable solutions. A diverse team of responders, each bringing their unique perspectives and skills, can brainstorm innovative solutions more effectively. DEI intersectionality fosters diversity of background, experience and thought, which can significantly enhance a responder’s ability to tackle these challenges. Diverse teams bring a broader range of ideas and approaches to the table, leading to more innovative and effective solutions.

Embracing DEI intersectionality also plays a crucial role in reducing biases in incident response. Unconscious biases can influence decision-making; leading responders to jump to conclusions, make false assumptions and waste valuable time. A responder who practices mindfulness of their own biases is better equipped to recognise potential biases in their team’s decisions, is better equipped to make impartial judgments, and ensures a more defensible incident outcome. During a cyber incident, being able to step back and differentiate what are facts (based solely on data), what is an assessment (based on limited data, intelligence and/or experience) and what are feelings (not based on data, intelligence or experience) is imperative for defensible incident response. Encouraging individuals to question assumptions and consider alternative viewpoints is invaluable in cybersecurity, where threat actors constantly adapt and evolve. By embracing a variety of perspectives, responders can better anticipate emerging threats and stay one step ahead of cyber threat actors.

Empathy and resilience

DEI intersectionality can also foster empathy and resilience in cyber incident responders. Understanding the intersectional experiences of others can lead to a greater sense of empathy and compassion, which are essential qualities for dealing with the aftermath of a cyber incident. The ability to adapt and respond effectively to cyber incidents often requires resilience. Often cyber incidents can last weeks, with long working hours, time away from family and friends and meeting people for the first time under the most stressful of circumstances. Cyber incident responders who embrace DEI intersectionality are better prepared to approach incidents with an empathetic mindset, adapting their strategies to address the unique challenges presented by different incidents and impacted groups.

Moving the needle

So where do we go from here? As the cyber threat landscape continues to evolve, incident responders must evolve as well. Embracing DEI intersectionality is a powerful step toward becoming a more effective cyber incident responder and strengthening the overall team. Here are some actionable steps to integrate DEI intersectionality into a CIR approach:

Invest in DEI training and education. Understand the unique challenges and experiences each individual brings and foster an atmosphere of empathy and inclusivity so that others feel comfortable sharing their stories.
Encourage and promote diversity within the incident response team. A diverse team brings a variety of perspectives and skills to the table, enhancing problem-solving capabilities.
Review and update incident response plans to ensure they are inclusive and considerate of the intersectionality of those affected by cyber incidents.
Continuously work on recognising and mitigating biases in decision-making processes. Encourage open discussions about bias and assumptions within the team.

Embracing DEI intersectionality has the potential to transform cyber incident responders into more effective, empathetic and inclusive professionals. By understanding the diverse identities and experiences of victims, perpetrators and responders; incident responders can better assess threats, communicate more effectively and develop more inclusive response strategies. Embracing DEI intersectionality is not only a moral imperative but also a strategic advantage in the complex and ever-changing cybersecurity landscape.

To explore similar topics around diversity, equity and inclusion in the cybersecurity space, read our blog series on diversity in cybersecurity.

Read the results of our 2023 Global IT Executive Survey: The Innovation vs. Technical Debt Tug-of-War.

To learn more about our cybersecurity solutions, contact us.

Cybersecurity Consulting

From the speed of innovation, digital transformation, and economic expectations to evolving cyber threats, the talent gap, and a dynamic regulatory landscape, technology leaders are expected to effectively respond to and manage these competing priorities.