As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations.

But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users regardless of the individual’s capabilities, abilities and resources.

Therefore, to adequately address cybersecurity risks, we must also consider accessibility and inclusivity. But not everyone has equal access to digital devices or skill sets, leaving them more vulnerable to cyberattacks. The COVID-19 pandemic also underscored the significant role digital access plays in society.

Let’s examine the significance of accessible and inclusive cybersecurity and the steps we can take to enhance security for all.

What is Accessible and Inclusive Cybersecurity?

Accessible and inclusive cybersecurity refers to designing and implementing cybersecurity measures to fit the needs of all individuals. This implies designing policies, procedures and technologies with those with disabilities or other marginalized groups in mind.

The goal of accessible and inclusive cybersecurity is to guarantee that everyone has equal access to the tools and resources necessary for protection from cyber threats — including anyone with limited physical access to digital devices, limited technical skill sets or other barriers.

By making cybersecurity more accessible and inclusive, we can create a more equitable and secure digital environment for everyone.

Unfortunately, the statistics are not in our favor. Accessibility issues remain a major challenge for those who are digitally excluded. According to 2022 data from the World Bank, approximately 3 billion people worldwide remain offline due to factors like income, geography, education and disability.

Individuals left out of the digital world often need access to tools and resources to protect themselves against cyberattacks.

Why Accessibility Matters are so Critical

Accessibility issues pose a significant hurdle for those who are digitally excluded.

But what is digital exclusion? It refers to the absence of physical access to digital devices, the inability to develop skills needed in the digital world and access disparities based on factors like income or location.

Physical access to digital devices can be a significant barrier for anyone living with disabilities or in remote areas. Individuals with visual impairments may find it difficult to use devices that do not have accessible features, such as screen readers or magnification tools. Additionally, those living in these remote places may lack high-speed internet or reliable electricity, thus restricting their capacity to utilize modern technology.

Skills to navigate the digital world present a significant obstacle for digitally excluded people. A 2021 report from Pew Research Center revealed that 14% of adults with a high school education or less do not use the internet. Many cited a lack of digital skills as their primary barrier. Without the knowledge and ability to protect oneself online from threats such as viruses and phishing attempts, individuals may become more susceptible to cyber crimes due to their inability to recognize and mitigate potential dangers.

Finally, factors like income and geography can severely limit access to digital technology and resources. In many places around the world, individuals living in low-income areas may not have access to high-speed internet or may lack the financial means to purchase digital devices. This presents a major obstacle for those trying to make ends meet.

When it comes to cyber threats, accessibility issues are a significant concern for those who are digitally excluded and can immensely impact an individual’s capacity to protect themselves.

COVID-19 and the Importance of Digital Access and Cybersecurity

The COVID-19 pandemic has brought about profound changes to our daily lives, such as how we access essential services and work. With social distancing measures in place, many have turned to digital technology for healthcare, education and other essential needs. Furthermore, many companies have moved towards remote work models, further underscoring the significance of secure digital access and cybersecurity measures.

However, the transition to digital technology has also highlighted the digital divide and the challenges faced by those it excludes. People may struggle to access healthcare services or work remotely without reliable internet or devices. Similarly, those without strong digital skills could be more vulnerable to cyber threats when navigating unfamiliar digital environments.

The COVID-19 pandemic has presented cybersecurity risks. As more people rely on the internet to work and access essential services, cyber criminals are launching more advanced attacks. According to a report from the FBI, reported cyber crimes increased dramatically after the pandemic. These incidents can have devastating results, such as financial loss, identity theft and damage to personal and professional reputations.

COVID-19 has brought to light the essential role digital access and cybersecurity play in our society. Moving forward, it is essential to address the digital divide and design cybersecurity measures with accessibility and inclusivity in mind.

Steps to Promote Accessible and Inclusive Cybersecurity

Improving accessible and inclusive cybersecurity is a complex challenge. Moving forward requires the collaboration of stakeholders such as governments, technology companies and civil society organizations.

Still, there are steps that can be taken to promote accessibility and inclusivity in cybersecurity:

Create accessible cybersecurity policies and standards. Governments and technology companies should collaborate to develop policies and standards that guarantee cybersecurity measures are accessible and inclusive, taking into account the needs of people with disabilities and other marginalized groups. These rules and standards should be tailored specifically for this purpose.

Provide digital skills training. Offering digital skills training can give digitally excluded individuals the confidence to go digital and protect themselves from cyber threats. Governments, technology companies and civil society organizations all have a role to play in providing this type of instruction.

Ensure digital devices and software are accessible. Digital devices and software should be designed with accessibility features like screen readers or magnification tools in mind — enabling individuals with disabilities to utilize modern technology and protect themselves from cyber threats.

Address inequalities of access. Governments and technology companies should collaborate to address disparities in access to digital technology and resources. This could include initiatives that increase access to high-speed internet and digital devices.

Involve individuals with disabilities and other marginalized groups in cybersecurity decision-making. It is essential to include individuals with disabilities and other marginalized groups in cybersecurity decision-making, so their needs and perspectives can guide the process.

Equitable Cybersecurity is the Future

Improving accessible and inclusive cybersecurity is a daunting challenge. However, it’s also a critical step toward creating a more equitable and secure digital space for everyone. By working together, we can design cybersecurity measures with inclusivity in mind so that everyone has equal access to the tools and resources needed to protect themselves against cyber threats.

More from Intelligence & Analytics

Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

8 min read - In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your phish went through, your initial access payload got past EDR, your beacon is now living in memory and calling back to you. The hard part is over, time to do some post-exploitation. You fire up your trusty BOF toolkit and…

8 min read

How Do Some Companies Get Compromised Again and Again?

3 min read - Hack me once, shame on thee. Hack me twice, shame on me. The popular email marketing company, MailChimp, suffered a data breach last year after cyberattackers exploited an internal company tool to gain access to customer accounts. The criminals were able to look at around 300 accounts and exfiltrate data on 102 customers. They also accessed some customers’ AIP keys, which would have enabled them to send email campaigns posing as those customers. This data breach attack wasn’t especially noteworthy…

3 min read

Going Up! How to Handle Rising Cybersecurity Costs

4 min read - The average cost of cybersecurity systems, solutions and staff is increasing. As noted by research firm Gartner, companies will spend 11% more in 2023 than they did in 2022 to effectively handle security and risk management. This puts companies in a challenging position: If spending stays the same, IT environments are at risk. If they budget more for cybersecurity, funding for other projects may fall through. The result? Businesses must balance rising cybersecurity costs with finite budget resources. What’s Driving…

4 min read

ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)

7 min read - In late April 2023, IBM Security X-Force uncovered documents that are most likely part of a phishing campaign mimicking credible senders, orchestrated by a group X-Force refers to as ITG10, and aimed at delivering RokRAT malware, similar to what has been observed by others. ITG10's tactics, techniques and procedures (TTPs) overlap with APT37 and ScarCruft. The initial delivery method is conducted via a LNK file, which drops two Windows shortcut files containing obfuscated PowerShell scripts in charge of downloading a…

7 min read