4 Ways Women are Uniquely Impacted by Cyber Threats

As we observe #IWD and Women’s History Month, let's look at how cyber threats create unique obstacles for women and ways we can come together to address them. My sister is a working mother in San Francisco with two kids under ten facing Zoom schooling while keeping food on the table as an insurance underwriter. She and her husband have a specialty wine bar in a city full of bars and restaurants hit hard by the pandemic, so her insurance job is critical to supporting the family. (Here's the link in case you want to support the wine club and help put food on the table). The COVID-19 pandemic has impacted women uniquely as primary caregivers. While my own children are grown adults now, I continue to wonder at my sister’s resilience through this situation, unable to help her with my niece and nephew since we are in separate ‘safe-pods.’ As a woman in cybersecurity, it has also caused me to reflect on how a wave of high profile cyberattacks have created unintended consequences of this strange time, and how women are uniquely impacted. I want to call out four ways that I believe cyber threats create unique obstacles for women today and ways we can come together to address them. I’ll start by also saying every woman's experience is different, so my perspective and research on the matter are intended to shine a light – in a general way – on the issues. 1. Digital Finance & Procurement > Personal Fraud & Identity Theft According to recent studies, women manage the finances in most households—running budgets, paying bills, and reconciling bank accounts—meaning they're disproportionately affected by threats targeting financial services, such as phishing and malware like banking trojans. Along with making most of the financial decisions, women are more likely to decide how family income is spent on consumer goods. With most transactions happening online during COVID-19, even grocery shopping can be risky, exposing women to threats like credit card skimming and malware hiding in mobile apps. On top of that, with the increase in digital banking and expanded digital services available for online grocery delivery, meal planning, and other in-home requirements, we are using more online consumer applications. That means we’re linking our bank accounts to more things than ever before. Women also make up the bulk of those starting or managing small businesses in 2020, so we’re using more startup and business administration services like Wix, Canva, Legal Zoom, QuickBooks, Shopify, Alibaba. We don't often think enough about the massive digital ecosystems and supply chains that go into these services and may take them for granted. However, all it takes is one weak link, which the provider may not even know exists, for them to be compromised. We trust that all these sites and services have digital infrastructures protected from fraud, identity theft, and vulnerabilities between the seams of the internet, where we are linking all aspects of our digital personal lives together. But are they really? We know that these large e-commerce companies and e-banks are on the cutting edge when it comes to security technology for their silo. They can recruit the best talent in their security operations and fraud centers, but who is watching the seams as we all individually build out what I will refer to as our ‘Personal Money Cloud Infrastructure?’ What CISO do we have in our household looking at threats to that? 2. Digital Healthcare & Wellness > Data Privacy during COVID As with household accounting, women also take on a heavier responsibility in managing the family’s healthcare requirements—doctor’s visits, prescriptions, dealing with insurance providers, etc. Due to expanded regulations in these areas, more providers and third-parties are digitally transforming in the face of our global health crisis even before the pandemic. We see more digital options for connecting our credit cards or ACH to expanded services such as e-pharmacies, health record applications, and even consumer health and fitness apps. Medical insurance companies are notoriously difficult to work with, but this is compounded with the rise of medical coding issues on the medical provider side as more offices digitally transition due to new compliance requirements. Now couple these things with the current job losses due to COVID. You have more people now doing things like switching to COBRA plans or shopping for new plans under the Affordable Care Act. With change comes more opportunity for threat actors to take you as their next victim. Then, there’s the other medical providers such as diagnostic services or plastic surgery centers, for example, who aren’t always on the cutting edge of cybersecurity but seem to be getting targeted as well. There is no question that COVID-19 and COVID-related cybercrime disproportionately affect women. Women are more likely to make family doctor appointments, schedule a vaccine, and make other healthcare-related decisions. With this dynamic, women are disproportionately affected by threats with COVID-19 misinformation and pandemic-related lures. In this state of mass vaccination rollout where many women are taking the lead either in their households or for their parents, trying to find the best way to get on the list. Since the process is different across states and counties for how vaccine approval and administration work, suddenly we find ourselves staring at a rudimentary Google Form on a non-descript website being asked for our Social Security number and other private information. If this isn’t ripe for fraud, I don’t know what is. 3. Online Cyber Safety & Family Mental Health Back in the day (like 2-3 years ago), we were focused on ways to provide more cyber awareness to young people through schools and parent/teacher groups. The biggest concern was exploitation and trafficking through online gaming sites where predatory behavior was rampant or by pwning accounts of minors. That conversation shifted for a hot minute to cyber-bullying, and now we are in a whole new realm of digital parenting, facing conversations we never imagined we would have. Like my sister, most women have taken on homeschooling and being the in-house IT manager. In many households, women were unexpectedly burdened as schools shuttered in the wake of COVID-19. This monumental task not only includes trying to explain to our Kindergartners why a weird stranger joined a video call with their classroom but also includes dealing with a host of new threats leveled by criminals taking advantage of the situation. Not only are we trying to understand for ourselves the world of deep fakes, we are trying to keep up with all kinds of digital shaming while also trying to be vigilant about radical ideological groups who might be (metaphorically) sneaking into our kids’ bedrooms every night through their personal devices. Forget the birds and the bees; parenting has never been more challenging, all while we take on our teenager in the battle of explaining why TikTok may be a bad idea or why, with free gaming apps, you are the product. Nor has it been a more challenging time to be a woman online, as we are also disproportionately targeted by cyberviolence. Women are more likely to be targets of cyberviolence globally, and the COVID-19 pandemic lockdown has increased women's and girls' exposure to online gender-based violence. To be personally proactive as a parent on these topics assumes that you aren’t already completely overwhelmed with just keeping it together while everything is stressing at the seams. We aren’t only talking about the mental health of our children and teens; we are talking about the mental health of our families – and ourselves as wives and mothers. 4. Code Bias & DeFi > Gender Inequality & Social Injustice In the last three years or so, this issue has gained more exposure. It has recently been overshadowed by more pressing social justice issues such as racism, extremism, climate change, global pandemic, and economic inequality. Those issues are critical, but we can’t let this topic go to the back burner either as Machine Learning and Artificial Intelligence are rapidly evolving under our noses whether we like it or not. What’s concerning to me is how rapidly the digital future of the financial system is growing and evolving as the world leans into alternative currencies, blockchain, and decentralized finance. In the past year, I personally fell into the rabbit hole called cryptocurrency. I’m not alone. A recent study reported that women make up 43% of crypto investors versus 13% last year, making sense given how involved we are with household finances. However, just like the early days of the Internet, the early days of cryptocurrency are unquestionably dominated by ‘bitcoin bros’ (a term not coined by me, pardon the pun). While it’s great that more women are getting in on the investment side, the industry will be shaped by those building the exchanges and trading ecosystem, DeFi projects, and making decisions on everything resembling oversight. For an equitable future, we need to realize that the future of finance is being created and debated—but not arbitrated—by a group of people who don’t represent everyone. Women are putting more money in, but we aren’t represented in the underlying code that powers the entire system. While there has been a recognition that AI models can help reduce gender bias in things like lending, it is unclear how this will manifest in a development environment that is based on a wholly ungoverned, unregulated, and decentralized model. If it’s true that AI can help reduce gender bias, it’s also true that AI and rapid machine learning can create breaches and also propagate bias. So now what? Threat intelligence requires a robust community defense model, and a strong cybersecurity community means EVERY talented person can contribute, regardless of gender. We will not have a digital and economic future where women are equally represented and protected if we don’t get more women and girls involved in the hard parts of building it. As I’ve stated before in other blogs, these are not just women’s issues—these are financial issues, medical issues, mental health issues, and social justice issues that affect all of us as sisters, brothers, fathers, mothers, daughters, and sons. We need to focus on getting more diversity of all kinds in on the harder aspects of managing cyber threats, protecting against fraud, and developing the code base of the future, and we must do it together. Many young women get hung up on these areas only being available to women in STEM, which is a falsity propagated claim in the industry. While it’s true we need more women at the code level; we need more women at every level; more security analysts, more policymakers, more board members, more advocates, mentors, and more CEOs. However, for more women to do more things, we need to help each other not hit a wall and drop out of our careers, a troubling trend. We need to share the risk with our partners at home, lest we become the single point of vulnerability in our own households’ digital attack surface. We need more support for women as we transition back to life after COVID, back into the workforce, perhaps pivoting to new sectors or new roles. We need to keep diversity and inclusion as a top priority in the cybersecurity industry at all levels and not just think of it as a passing trend from a legacy a movement that feels like decades ago. This isn’t about leaning in; it’s about moving forward together. Security Intelligence Credit: Insights in this article were made possible by the RiskIQ Internet Security Platform. An abbreviated version of this original blog was also published in IT Toolbox Security on March 10, 2021