When I joined Deque almost a year ago as the Director of Security, I became acutely aware of the importance of accessibility in cybersecurity. Through my research, I found that not only are cybersecurity solutions in most organizations not accessible for end users, but most tools used by cybersecurity professionals themselves also are not accessible to people with disabilities. This makes it extremely difficult—if not impossible—for people with disabilities to work in cybersecurity.
On May 18, 2023, Global Accessibility Awareness Day (GAAD), the National Cyber Security Centre of the United Kingdom (UK) wrote about these issues in their blog: https://www.ncsc.gov.uk/blog-post/accessibility-as-a-cyber-security-priority. This is a history-making statement as the UK is the first national government to take a stand on this ever-important issue. People and companies worldwide deal with online security problems every day, and, as we’ve all seen, the effects can be devastating.
In the blog by Lee C of the NCSC UK Sociotechnical and Risk Group, a situational story clearly illustrates how most of the security solutions used today are not accessible to those we are trying to protect and why this should be a priority for cybersecurity professionals. He gave clear examples to show how security programs can be unintentionally inaccessible for end users and how we can improve them. The solutions he proposed are possible, and we need to make accessibility a priority when building and maintaining their security programs going forward.
Some cybersecurity publications also covered this historic announcement. Phil Muncaster, the UK / EMEA News Reporter for Infosecurity Magazine, wrote an article summarizing the highlights from the NCSC UK announcement/. Michael Hill, UK Editor for CSO Online, wrote a report on what was covered in the NCSC UK announcement and got feedback from Lisa Ventura, founder of Cyber Security Unity. “If you have security measures in your organization that aren’t accessible,” said Ms. Ventura, “your systems will be much harder for everyone to use. The advice provided is a great starting point, and I hope to see it implemented by organizations, no matter their size.”.
I agree that this is a step in the right direction, but this announcement only addresses ways to improve accessibility for end users. It did not cover how the field of cybersecurity is also unintentionally inaccessible because most cybersecurity solutions today are not accessible to people with disabilities who don’t even have the chance to break into the field. And, if someone already in the area should become newly blind, they would most likely have to find another career. Not only does this significantly reduce the available talent pool for one of the fastest-growing and critical digital requirements, it adversely affects all portions of an existing security team.
To learn more, watch my Why Cybersecurity Should be Digitally Accessible webinar on demand.