The importance of building diverse security teams

Effective cyber security represents the greatest challenge of the online age. This applies all the way from protecting the data held by a third party supplier, to protecting critical infrastructure from crippling DDoS attacks.

Currently, security teams are struggling. The quantity and variety of cyber attacks (now purposefully directed) are overwhelming even the most stringent organisations. It is true that the majority of successful breaches are the result of human error. However, aside from training, technology security solutions are required to protect endpoints and detect intrusions once in the network. Without them, vicious malware can run rampant for months, even years, without being detected.

Improving cyber security best practice starts from the security team in an organisation. And, the more diverse a team, the better – in more ways than one.

Cyber security is the biggest challenge facing organisations and society in the online age

Business case

A diverse workforce – overall – will lead to better business results. Companies in the top quartile for racial and ethnic diversity are 35% more likely to have financial returns above their respective national industry medians, according to McKinsey research.

At the same time, a 2015 study from Bersin by Deloitte showed that diverse companies had 2.3 times higher cash flow per employee over a three-year period than non-diverse companies did.

The studies come to the same conclusion – diversity is beneficial to business success, in all aspects. A 2015 study of 7,600 London firms found that companies with diverse management are more likely to introduce new product innovations than their homogenous counterparts.

Solving the security skills gap

Research from Cybersecurity Ventures predicts a global skills shortfall of 3.5 million open cyber security jobs by 2021.

“The security skills gap could be solved by more diversity,” said Tara O’Sullivan, CMO at Skillsoft.

Currently, women make up only 23% of STEM occupations in the UK, according to WISE. But if this number rose, the skills gap would naturally narrow. “Put simply,” said O’Sullivan, “closing the tech diversity gap can help to close the security skills gap. Women are an untapped resource of IT talent.”

Security needs ‘diverse skills’

It is clear that diversity, whether of gender, ethnicity or background, can help any team. But how much it can help security teams is perhaps underestimated, according to Javvad Malik, security advocate at AlienVault.

“While homogenous teams feel easier to operate in, it can lead to stagnation, or specialisation in some aspects at the expense of others,” he said.

“Beyond this, security teams need diversity because of the diversity of challenges that it faces. Cyber/information security isn’t a narrowly-defined field, where one skill set can cover the entire spectrum.”

“There are diverse requirements to write policy, check for compliance, reverse engineer malware, investigate incidents, architect secure design, interact with project management or senior stakeholders – the list goes on. It’s reasonable to expect a diverse group will bring about the diverse skills needed.”

DevSecOps

The adoption of DevOps, and DevSecOps (introducing security earlier in the lifecycle of application development), is on the rise. As a result, “software developers, application security teams and operations teams are under increasing pressure to release features at a lightning speed and maintain quality and security of the application,” according to Meera Rao, senior principal consultant at Synopsys.

Meera Rao, Senior Principal Consultant at Synopsys

“There must be continuous collaboration, and continuous communication across development, security and operations teams, to bridge the gap while maintaining productivity and solution time to market.”

A diverse team consisting of software developers, application security teams and operations teams will form the front line when it comes to guiding an organisation on application security. And, this can “definitely bridge the current gap that exists between DevOps and security teams.”

Addressing the problem of diversity

Cyber security, like the majority of the technology space, is renowned for being a “pale, male, stale” industry, said Sophie Harrison, Chief of Staff at Panaseer. The benefits of diverse security teams are clear: close the skills gap, while improving product innovation. However, addressing the problem of diversity as a whole is a difficult question to answer, because there is no easy fix.

“Responsibilities lie across the board, from teachers in schools who need to make sure they’re encouraging more girls into tech subjects, to parents who can help by consciously erasing the gender lines in terms of what jobs are available to whom, being careful not to push their children towards certain careers based on old-fashioned perceptions,” said Harrison.

In the working environment, there are practices that “employers can implement to make roles more appealing to women,” she continued. This should be implemented by those who build the security teams – the CTOs, CIOs and CISOs.

The building blocks of a security team should be diverse, in order to respond to the growing cyber threat

The importance of diverse security teams

A diverse security team is better than one that lacks variety.

Cyber attacks are on the rise, and their impact is increasingly devastating. “The people and skills available to protect organisations and society must respond, both by thinking more creatively and also by growing in number,” said Amanda Craib, Chief Information Security Officer for Fujitsu EMEIA.

“In the future, if technology is not secure we could find ourselves entering a brave new world – one where criminals are in control. There is no one-size-fits-all solution to the world’s security challenges. But where technology security is right now could be transformed, with access to an untapped source of thinking to meet those challenges. It is only by engaging a diverse array of people in cyber security that we can hope for victory.”

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...