Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Engaging in diversity, equity, and inclusion for stronger cybersecurity

By Karen Walsh
SEC1120-Cyber-Feat-slide1_900px
November 17, 2020

As institutions of higher education reel from recent cyberattacks in the United Kingdom, IT departments work tirelessly to secure sensitive student data. Student records offer a wealth of personally identifiable information (PII) from birth dates and social security numbers to bank account numbers and home addresses. In parallel, a study released by EDUCAUSE in July 2020 notes that the CIO’s Commitment on Diversity, Equity, and Inclusion (DEI) reports that 83.1% of respondents strongly agree that “diverse, equitable, and inclusive workplace environments foster more effective and creative teams of technology professionals.” Although at first glance, these two issues appear unrelated, bringing diverse voices to the cybersecurity table may provide a way through, rather than around, the current security struggles facing remote learning models in higher education. 

 

Ransomware attacks on the rise

At the beginning of June, an Inside Higher Ed noted that while institutions of higher education were traditionally not often targets of ransomware attacks, three profile ones indicated a shift in cybercriminal methodologies. However, in September, a barrage of ransomware attacks on colleges and universities in the United Kingdom led to the UK’s National Cyber Security Centre (NCSC) to issue an alert.

As institutions of higher education accelerated their digital transformation strategies, cybercriminals recognized that they offered a plethora of non-public personally identifiable information (NPI). Institutions of higher education struggle with limited IT resources and an abundance of legacy technologies that make security difficult.

However, even more importantly, for cybercriminals, individual institutions also have some of the most diverse populations across racial, gender, and age demographics when compared to other industries.

 

How diversity impacts the likelihood of a successful ransomware attack

Often, ransomware attacks are part of a broader social engineering attack. As social engineering attacks target users’ emotions as a way to trick them into clicking on either a risky link or download.

Problematically, when higher education IT departments assume that students, as presumed digital natives, are a lower risk, they are using an outdated mentality. In an EdTech Magazine article published on September 16, 2020, Helen Patton, CISO for The Ohio State University, explains the problems inherent in this assumption noting, “they’re very sophisticated in a few areas, like social media. But in higher education, there are certain technologies they haven’t been introduced to before and they are certainly not secure in the way they handle those.” As IT professionals work to prevent ransomware attacks, they need to focus on the different types of social engineering risks across their divergent populations.

Students, for example, may be able to parse out Smishing or social media messenger attacks, but emails attempting to steal credentials by posing as help desk professionals looking to reset learning application passwords might be successful.

Meanwhile, the opposite may be true for certain faculty and staff. Younger professors and staff may not be as susceptible to a phishing email, but employees working with a department’s social media might be more likely to fall prey to a fake social media profile.

Finally, institutions of higher education need to consider that race, gender, religion, and sexuality differences on a campus may also increase the likelihood of social engineering attacks targeted at socio-political beliefs. College and university students, developmentally speaking, are seeking to find their adult identities which can make them be more susceptible to social engineering attacks that incorporate identity or political beliefs.

 

Why DEI matters to cybersecurity

All the technical controls in the world cannot mitigate the risks associated with social engineering. Institutions can enforce spam blocking, but ultimately, someone will click on a malicious download or link that leaves the entire infrastructure at risk.

While most organizations struggle to overcome the predominance of white men in their IT departments, higher education also needs to respond to end-user generational, developmental, social, and political diversity in ways that the large enterprise does not.

DEI in higher education IT hiring offers one way to help reduce these risks. Although outdated in terms of statistics, the 2018 (ISC)2 report, Innovation Through Inclusion: The Multicultural Cybersecurity Workforce, details the way in which creating a diverse, equitable, and inclusive IT department can help create a more robust approach to cybersecurity, explaining, “creating a culture that inspires workers to approach problems and challenges from different perspectives that ultimately help an organization excel. Diversity is not only important for driving company growth and profit, it is vital in the cybersecurity profession that depends on unique approaches to problems and challenges to protect an organization.” Cybersecurity, especially when looking through the lens of social engineering and ransomware attacks, depends on understanding all end-users, not just a subsection of them.

Although many colleges and universities promote DEI initiatives at the student acceptance and faculty hiring levels, applying these strategies to their IT departments offers an extra layer of risk mitigation. If the IT department represents the entirety of the campus population, then the department will have a wider ranging view of the social engineering attacks that can be successful.

For example, if college and university IT departments limit themselves to older, white male employees, they may not be able to recognize the emotional sway some social engineering tactics have on the young, black female population. Similarly, an IT department consisting predominantly of Millennials may not be able to effectively recognize the types of emotional arguments that are successful against Boomers or Gen X employees.

 

Defense in Depth includes DEI

A holistic defense in depth approach to higher education cybersecurity needs to incorporate both the technologies and people that help protect end-users. IT departments cannot assume that all users have the same motivations, especially when colleges and universities create carefully cultivated campus communities by focusing on DEI.

As higher education’s IT stacks increasingly incorporate cloud services, CIOs need to push for greater inclusion across the IT department. DEI cannot be limited to the campus student and faculty body because when the IT department itself is not representative of the campus, the IT professionals become disconnected from their end-users. Creating diverse and inclusive teams within the IT department can better protect the university’s IT stack while adding the institution’s overarching DEI mission.

KEYWORDS: cyber security diversity in security education security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Karen walsh

Karen Walsh, CEO at Allegro Solutions, is a data-driven compliance expert focused on cybersecurity and privacy who believes that securing today’s data protects tomorrow’s users. Karen has been published in the ISACA Journal experience in cybersecurity centers around compliance. Her work includes collaboration with security analysts and ghostwriting for c-suite level security leaders across a variety of internal and external vulnerability monitoring solutions. As a lawyer, she is deeply knowledgeable about security and privacy laws and industry standards including GDPR, CCPA, and ISO. She is currently under contract with Taylor& Francis and is writing a book about cybersecurity for small and midsized businesses.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data privacy

    5 security predictions for 2021

    See More
  • internet of things

    Driving remote workforce efficiency with IoT security

    See More
  • Diversity-in-security-freepik.jpg

    Challenges associated with diversity, equity and inclusion in cybersecurity teams

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products

Events

View AllSubmit An Event
  • July 17, 2025

    Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

    From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing