Equity is an ancient legal concept that is based on creating fairness where the operation of a legal or economic system has failed to produce a fair and just result. Equity is the principle behind giving farmers subsidies, using tariffs to protect domestic industries and granting political asylum to refugees of foreign countries.
As a responsible corporate citizen, TEMVI wholeheartedly embraces these efforts and we view our promotion of Cybersecurity Equity as a small part of the effort to create a more just, fair and sustainable planet.
We often view cybersecurity as a cold and dry science. Nothing could be further from the truth. The human mind is imprinted on every aspect of cybersecurity from the conception of an encryption algorithm or coding human logic, to social engineering attacks. Moreover, for every piece of technology employed in a cybersecurity plan a human must assess its appropriateness, and effectiveness vis a vis the data that it is intended to protect. A human must procure the device. The device must be securely configured and integrated into an organization's computer system by a human being. Human beings must be trained on the secure operation of the device and other human beings must audit and report on the extent to which security policies and procedures are being followed. Other human beings must assess the effectiveness of these controls and others must assess the adequacy of the testing and auditing procedures.
Needless to say, wherever there are humans there is great subjectivity. This subjectivity often is the basis of error. As well, it is often the source of unchecked bias and malicious intent. Cybersecurity Equity is a notion that attempts to create consciousness of the errors and potential for malicious actions that often result from subjectivity in practice of cybersecurity.
Types of Cybersecurity Inequity
Access to Cybersecurity
As stated elsewhere, cybersecurity has traditionally been expensive. As a result, only the élite organizations and institutions could adequately secure their computer systems. The result is that smaller organizations that are more economically by virtue of their size in the marketplace and vulnerable are also more vulnerable to a cyberattack because of their inability to adequately defend themselves.
Disproportionately, excluded groups (e.g. African Americans, Latinx, Native, economically disadvantaged, women LBGTQ etc.) are--over time--becoming more vulnerable, more likely to become a victim of cyberattack and more likely to suffer devastating organizational consequences as a result of an attack. This greater vulnerability leads to greater incidence of attack, greater losses and perpetuates a vicious cycle where an entrepreneur who started with less has less to bequeath to subsequent generations who, therefore, begin their journey with little or nothing.
Surveillance, Monitoring and Audit
Critical components of genuine cybersecurity are surveillance, monitoring and audit. "Inevitably populations that experience the brunt of systematic racism, inequality, and bias also become targets of invasive and unwarranted [cyber] surveillance" argues Lisa Ho of the University of Berkley, School of Information. Left unchecked, technology then becomes an accelerator for systematic racism, inequality, and bias rather than a force for good.
Employment and Contracting
We are in the middle of a cybersecurity boom. However, groups that have been subjects of bias and exclusion often lack the past experience in business, management and technology to take advantage of the contacting opportunities that can be used as a basis for creating successful business enterprises.
Law Enforcement, Courts and Insurance
Every cyberattack is a crime. When the crime is reported it is investigated by law enforcement and insurance companies. When a forensic investigation cannot rule out insiders of the target company (i.e. owners, workers, contractors who touch the system) they become suspects. Historically, the same groups that experience the brunt of systematic racism, inequality, and bias in other areas have the same experience with law enforcement, courts and insurance companies. The result is that innocent people sometimes must expend time and money to extricate themselves in investigations of cyber attacks and then struggle with insurance investigators and companies to get E&O and D&O claims paid.
Says one African American dentist whose office was the victim of a cyber attack. "My lawyers informed me that the FBI believed that I might have been behind an attack on my own clinic. After my lawyers showed them how that couldn't have been true, we still had to sue our E&O provider to get the insurance claim paid. The forensic investigator reported that I failed to diligently protect the system. I always wonder if these doubts about my honesty, competence and diligence would happen if I were a white dentist."
Cyber Hate Crimes
In addition to systemic economic and social bias, certain populations (e.g. African Americans, Latinx, Immigrant, Jewish, LBTGQ, women, liberal political organizations etc.) are also targets of cyber hate crimes.
Hate crime is defined by the US Department of Justice as “a crime in which the defendant selects a victim, or the object of the crime, because of the actual or perceived race, color, religion, national origin, ethnicity, gender, disability, or sexual orientation of any person.”
Cyber hate crimes are particularly problematic for two reasons: 1) lack of skill required to execute such attacks and; 2) the ease of escape.
A financially motivated cyber attack often involves a fairly high level of skill (e.g. encryption, coding network administration) The attacker must have technical skill and advanced strategic thinking capabilities to stay ahead of cybersecurity controls. "The attacker has to overcome the defenses and get away undetected to benefit from the crime. Where the adversary simply wants to destroy the victim's ability to perform its mission or embarrass and humiliate an organization's members and leadership, only destructive capabilities are required.
At the same time, any theft of funds leaves a digital trail. Simply put, funds came from somewhere and went somewhere. In addition to the skill required to execute the crime, additional skill and effort is required to cover tracks to the identity of the perpetrator. A destructive attack does not require as much skill in planning, targeting and escaping.
TEMVI's Cyber Equity Initiative focuses on identifying and supporting business owners from historically underrepresented communities with pricing and financing options scaled to the ability of the organization to pay. It is our hope that this initiative will accomplish the following objectives:
Enable entrepreneurs from historically underrepresented populations to safely use technology tools as an accelerator of economic and social justice embodied in their mission and by virtue of their existence.
Creating working examples of lower-cost cybersecurity that can be profitably adapted to smaller and smaller businesses which integrate legal, technology and management components.
Helping business owners from historically disenfranchised communities to build thriving and secure enterprises that can serve as a basis for creating intergenerational wealth.
Our debut initiative is focused on the African American entrepreneur. (Click here to learn more about Black Cybersecurity Matters)