One of the legacies to emerge from the pandemic is the accelerated digital transformation that companies had to undergo, in some instances, overnight.
Brian Pinnock, vice-president: sales engineering at Mimecast
On one hand, digitalisation has endowed society with increased benefits such as convenience and time saving when engaging in online shopping, remote working, e-health services, and many others. On the other hand, there has been an increase in cybercrime.
According to Interpol’s 2022 Cyberthreat Assessment report, South Africa has the highest number of cyber threats in Africa, with 230 million threats detected, of which 95% were email-related. Other industry research has found that South Africa has the third-highest number of cybercrime victims worldwide and that online fraud in critical sectors such as the banking industry surged by 36% last year.
As a result, companies now view cyberattacks as bigger business risks than climate change and inflation. To ensure a safe digital experience, inclusive access to cybersecurity is paramount. However, cybersecurity products have been designed to focus on performance over usability, resulting in people – especially those with disabilities – struggling to comprehend or navigate such platforms.
As a society, we implement various measures and structures to help accommodate and ensure accessibility and inclusivity for everyone, but this is not always translated to the digital world. For people with disabilities, surfing the internet is generally a difficult task.
Research by WebAIM has found that 83.9% of home pages from the top 1-million ranked websites were inaccessible to people with visual impairments due to issues such as low-contrast text. Regarding cybersecurity, the challenges that vulnerable people face are fundamental, especially as they relate to the design of cybersecurity products.
In their thesis, Karen Renaud and Lizzie Coles-Kemp pointed out that cybersecurity designs often assume that users are able-bodied, cognitively or visually unimpaired, and have the necessary resources and dexterity to interact with security systems. This results in the exclusion of people with disabilities from essential online services.
What can the cybersecurity industry and companies do to change this?
Rethink cybersecurity products to make them accessible by design
Cybercriminals are using social engineering to anchor their attacks. They use tactics such as emotional manipulation to trick people into assuming that an email or message comes from a legitimate source, to click on the wrong link, or to submit confidential information on a website that appears official.
To provide the right level of protection, cybersecurity professionals need to ensure the products they design are suitable for all users. In practice, this involves several considerations, including:
* Adjusting contrast in all visual products to support users with low vision.
* Providing clear actions to people with various neurotypes to help them spot sophisticated threats.
* Ensuring that information is shared in a way that does not result in increased stress and anxiety.
* Embedding support for assistive technology to ensure people with various impairments can use the solutions.
Make cyber awareness training accessibility-friendly
Based on the daily headlines about data breaches and ransomware attacks, it is easy to assume that cybersecurity awareness training does not work. Traditionally, security awareness training has involved long lectures or documentation that isn’t user-friendly, which is why companies need to rethink their staff training and use a universal literary tool such as humour to make the training stick.
Beyond the entertainment factor, companies should also look to add an accessible awareness training programme to an email gateway, which offers significant advantages. In practice, Mimecast found that dangerous URL clicks were reduced by as much as 20% within six months.
Companies should also look to develop unique training video formats that combine:
* Key insights in a short and engaging format, ensuring that people who may find it challenging to focus on content for an extended time can still benefit from the training.
* Content that is perceivable by all, including high contrast and subtitles for hard-of-hearing people.
* Closed captioning to ensure that everyone can follow what is happening on-screen.
* Audio descriptions for those who can’t see the content.
By rethinking how cybersecurity is designed and making security products and training more accessible and user-friendly, cybersecurity professionals and companies can promote inclusivity in digital security and privacy.
This not only aligns with an increasingly interconnected and digital-first world but also helps to consolidate and accelerate the rights of people with disabilities.
Fostering a more accessible and secure cyberspace should not just be a goal but also a binding, strategic commitment to ensure the benefits of technology are shared and enjoyed by all.