He is the subject— She is the other.
Simone de Beauvoir
In the Global Risks Report 2022 of the World Economic Forum, cybersecurity failure was ranked as the seventh place most pertinent global risk in the horizon for the next two years. Cybersecurity failure is one of the risks that has significantly worsened during the COVID-19 pandemic. Even though many countries and industries were able to adapt quickly to new forms of human interaction and remote work, it came at the expense of increased vulnerability to cyber threats.[1] This rather alarming development is exacerbated by a growing skills shortage in the cybersecurity field, which is projected to reach a global deficit of approximately 1.8 million cybersecurity professionals this year.[2] So overall, we’re not only threatened by cybercrime, we also don’t have the means to fight it.
Providing a cybersecure world is shaping up to be a crucial global challenge for the next few years. We need as many resources and capacity as we can muster to control, fight and prevent cybercrime, including cyber abuse and cyber harassment. This goal can only be met, however, by considering the bigger picture and disengaging from the masculine stereotypes that have been dominant for many years.[3] These stereotypes have had a major influence on women in cyber from two different points of view: first, on women’s portrayal as victims of cybercrime and technological bias, of having their needs ignored by cybersecurity measures and discussions, and second, on women as professionals in cyber. Addressing both perspectives is paramount to be well-equipped to face the challenges ahead and providing a cybersecure world—for everyone.
Part III – Empowering women in cyber
Gender equality and empowering women and girls is one of the 17 Sustainable Development Goals of the United Nations.[4] There are different approaches to empowering women in cyber: adapting the law to account for new and emerging cyber threats, focusing on cybersecurity design, educating girls and women on career opportunities, and changing the work environment to cater to females on an equal level.
Law
Cyber harassment disproportionately affects (young) women.[5] This online behaviour has perceptibly increased during the COVID-19 pandemic.[6],[7] Unfortunately, cyber harassment tends to be trivialized [5] and is oftentimes barely covered by criminal law, since many countries including England focus on physical, offline offences. Together, these parameters render prosecutions for online crimes highly unlikely. In order to criminalise malicious cyber behaviour and make it prosecutable, changes on a legal level are necessary.[5],[6] Efforts to incorporate online offences, such as cyberflashing (to send an unsolicited genital image to another person, most commonly involving men sending pictures of their penises to other individuals, mostly women, without their prior agreement or consent [6]), can combine tort remedies, criminal prosecutions, and civil rights claims[5] or be based upon one of the three following models:
consent-based model—criminalising all non-consensual online behaviour
motivation-based model—criminalising all online behaviour with malign motives
a combination of (1) and (2) [6]
Technology
On a technological level, solutions to tech abuse mostly revolve around providing guidance and aid for those affected. Although this approach is useful, it shifts responsibility towards victims, which mostly means: (young) women. There is a need to go beyond support and management after harm has been done, cybersecurity research and design needs to change to reflect the reality of women as the prime targets of cybercrime. It has to acknowledge how it’s not just strangers, but mostly (former) intimate partners who offend. And they must recognize that cybercriminal behaviour is not only a corporate issue but a domestic threat as well. One way to meet these challenges is a dedicated “intimate partner violence tech abuse threat model”: a systematic approach for identifying threats facing (young) women within technical systems and improving the security design of technical systems for (young) women. The most common tech abuse threats to consider are:[8]
ownership-based access—being owner allows a perpetrator to prohibit usage or track locations/actions
account/device compromise—guessing or coercing credentials to install spyware, monitor, steal data or lock victim out of their account
harmful messages—contacting directly or indirectly via friends/family/employer without consent
exposure of information—posting or threatening to post private information or images
gaslighting—using a device’s functions to make a victim doubt her own sanity
Education
To address girls’ and women’s difficulties in entering and staying in the field of cybersecurity, the CybHER program focuses on building a community of knowledge, inspiration, and mentorship to empower, motivate, educate and anchor girls to a cybersecurity career. Based on career development research, the authors devised five pillars to provide continuous engagement with cybersecurity concepts throughout girls’ schooling:
CybHER seconds to stay connected,
CybHER minutes to educate,
CybHER hours to inspire,
CybHER days to learn, and
CybHER together to strengthen girls together with their guardians.[9]
Work environment
Last but not least, it is also up to the field of cybersecurity itself to realise changes. Firstly, women’s expertise has to be acknowledged, those from the past as well as in the present. Historically, women have been sidelined in cybersecurity while nowadays, their expertise tends to be overlooked. Moreover, cybersecurity needs to become a less dismissive work environment for women, determining new standards for hiring and promoting besides the typical “hacker persona”. The field of cybersecurity could do with some reorienting, defining itself less with “aggressive warriors defending” and more with “creating safe systems to protect humans”. This would not only describe the job better but also make it more appealing to women.[10]
Contact us for more information on the project and further updates, sign up for our newsletter and follow us on Twitter, LinkedIn, and Youtube.
References [1] World Economic Forum, The Global Risks Report 2022, 17th Edition, 2022. [2] Deloitte AG, 24 January 2022. https://www2.deloitte.com/ch/en/pages/risk/articles/women-in-cyber.html [3] Khan, M. K., Overcoming gender disparity in cybersecurity profession [Policy brief], G20 Insights. https://www.g20-insights.org/policy_briefs/overcoming-gender-disparity-in-cybersecurity-profession/ [4] United Nations, Department of Economic and Social Affairs, „Sustainable development—the 17 goals“. https://sdgs.un.org/goals (31 January 2022). [5] Citron, D. K. „Law’s expressive value in combating cyber gender harassement“, Michigan Law Review, 108(3), March 2009, pp. 373-416. [6] McGlynn, C., „Cyberflashing: Consent, reform, and the criminal law“, The Journal of Criminal Law, 2022, pp. 1-17. [7] Shoib, S., Philip, S., Bista, S., Saeed, F., Javed. S., Ori, D., Bashir, A., & Chandradasa, M. „Cyber victimization during the COVID-19 pandemic: A syndemic looming large“, Health Science Reports, 5(2), February 2022. https://doi.org/10.1002/hsr2.528 [8] Slupska, J. & Tanczer, L. M., „Threat modelling intimate partner violence: Tech abuse as a cybersecurity challenge in the internet of things” in J. Bailey, A. Flynn, & N. Henry, The Emerald International Handbook of Technology-Facilitated Violence and Abuse, Emerald Publishing Ltd., pp. 663-688. [9] Rowland, P., Podhradsky, A., & Plucker, S., “CybHER: A method for empowering, motivating, educating and anchoring girls to a cybersecurity career path”, Proceedings of the 51st Hawaii International Conference on System Sciences, 2018, pp. 3727-3735. [10] Poster, W. R., „Cybersecurity needs women”, Nature, Vol. 555, March 2018, pp. 577-581.
Author:
Dr Agnes Hoechtl
University of Applied Sciences for Public Services in Bavaria - Department Police
Comments