Dark Reading is part of the Informa Tech Division of Informa PLC


Liviu Arsene

How Neurodiversity Can Strengthen Cybersecurity Defense

Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.

The cybersecurity skills shortage and workforce gap continue to be of concern to organizations. As they seek to protect digital assets by finding professionals with the right skills, demand remains higher than supply.

With recent surveys suggesting the cybersecurity workforce gap decreased in 2020 from previous years — from 4 million worldwide in 2019 to 3.1 million in 2020 — 28% of CISOs firmly believe that "serious disruptions" will occur if these roles are not filled. Around 76% of CIOs and CISOs believe the answer to this shortage lies in a more diverse skill set among those tackling cybersecurity tasks. Additionally, a third of infosec professionals agree that neurodiversity will make cybersecurity defenses stronger while also helping to eliminate bias in the industry.

Defining Diversity and Neurodiversity
Diversity is nature's way of increasing its odds of survival. It's a fact that genetic diversity helps maintain a healthy population and build up resistance to diseases, while allowing it to adapt to change. 

Neurodiversity is considered a natural genetic variation in the population and usually refers to the range of neurological differences in brain functions and behavioral traits, typically associated with social skills, learning ability, and mood. Commonly, individuals who diverge from the dominant societal standards of "normal" neurocognitive functioning are referred to as neurodivergent.

Since first introduced as a concept in the late '90s, neurodiversity has also become a social justice movement that seeks civil rights, equality, respect, and full societal inclusion for the neurodivergent. Regardless of the specific definition, the topic is typically associated with individuals who may be diagnosed with ADHD (attention deficit hyperactivity disorder) or on the autism spectrum and possess exceptionally high pattern-recognition abilities, attention to detail, focus, and even outside-the-box thinking.

Diversity, including neurodiversity, in cybersecurity could improve an organization's overall resilience to cyberattacks. Cybersecurity teams combining professionals with unique skill sets from different educational and social backgrounds, genders, ethnicities, and even with exceptional neurological abilities, can build the right pool of talent to tackle a wide range of cybersecurity challenges.

How Cybercriminals Leverage Diversity and Neurodiversity
Cybercriminals may have long embraced neurodiversity. With no rules on educational background or hiring practices, the cybercriminal community often simply seeks the person who can do the job best. It's likely that most cybercriminal gang members have different social backgrounds, are of different ethnicities or religions, and possess differing levels of education, but that doesn't stop them from breaching some of the largest companies or pulling off massive digital heists.

Consider the cybercriminals diagnosed with Asperger's syndrome who pulled off hacks against the Federal Bureau of Investigation, the US Army, the Missile Defense Agency, and the Federal Reserve. It's safe to speculate that diversity and neurodiversity are no strangers to cybercrime. 

Although there is little to no empirical evidence to suggest a relationship between autistic individuals and cyber-driven crimes, some studies have tried to find a link between cybercrime and gifted individuals. However, due to the nature of the Internet and cybercrime, it is difficult to find and prosecute these criminals, let alone study and assess their cognitive abilities.

Strengthening Cybersecurity Efforts
Four in 10 cybersecurity professionals believe communication remains one of the biggest barriers in the cybersecurity industry. Tech jargon brought into the boardroom can significantly hamper board members' understanding of the security risk their organization faces. This, in turn, can negatively affect security budgets because of the lack of perceived risk. 

Diversity of talent on cybersecurity teams could potentially solve this communication problem. Building teams with different skill sets ranging outside technical qualifications can have a positive impact. 

For example, instead of creating an all-tech team, each with their area of expertise, infosec leaders should consider adding a staff member who's an excellent communicator. He or she could translate technical details and present them in terms non-technical board members can understand, providing clear insight on the organization's security challenges, which in turn could lead to positive outcomes, including improved cybersecurity posture of the organization. Gaining buy-in from board members and achieving cybersecurity objectives is one goal where a non-technical member of a security team can be invaluable.

Incorporating neurodiversity into cybersecurity teams may have additional positive impacts. Employees who are uniquely skilled at finding patterns in seemingly unrelated data or relentlessly pursuing potential signs of data breaches could prove invaluable as part of companies' efforts to detect and respond to threats. While automation currently does most of the heavy lifting in spotting these anomalies, security team members with unique skills and attention to detail may contribute additional insights and correlations that validate findings and even improve tuning of automated systems.

Of course, there's no recipe for success in building diversity and neurodiversity into a cybersecurity team. Motivating people with different skill sets and from across the neurodivergent spectrum may prove challenging, but a growing number of CIOs and CISOs believe neurodiversity in the sector will help combat advanced persistent threats and cyberwarfare.

Striking the balance between using the best security technologies, automation, and people should be a goal for any organization when pursuing a more effective cybersecurity posture.

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact ...
