In last week’s blog (part 2), I continued to explore the pros and cons of using an MDR provider and whether it’s better choosing a boutique provider over that of a traditional big brand. Having begun by discussing the first core feature, technology, I then focused on the second core feature, contract terms. I wove in many data points, including some from Managed Threat Detection and Response firm, e2e-assure, who I’m partnering with, and their latest report, Rejuvenating Cyber Defence Strategies. This week, I’m considering the third feature, the workforce and specifically team diversity.
So, whether you’re an enterprise or a small to medium sized business, keep reading because by the end of this blog, you’ll have a better understanding of which option will best suit your needs.
Core Feature #3. Team Diversity
Team diversity is the final consideration when selecting an MDR provider. Having a diverse MDR team is key to providing best of breed threat detection and response services, as it reduces the likelihood of group think by bringing together individuals with different genders, ages, backgrounds, cultures, experiences, and perspectives to generate new ideas and innovate solutions. Having team members who can understand their clients’ needs on a deeper level, always makes for a successful partnership.
And whilst diversity covers a wide range of dimensions, including ethnicity, race, gender, sexual orientation, age, ability, socioeconomic status, religion, nationality, language, cognitive, neurological, and educational background, there are only three I want to focus on in this blog – gender, ethnicity, and neurodiversity.
There are numerous genders, and of course you can be between a gender, but if you consider women, the strengths they bring to an MDR provider as analysts and threat hunters are unique. According to numerous research, which I refer to in my book, IN Security, women tend to be more detail-oriented, thorough, collaborative, and communicative in their approach than their male counterparts—all of which are key elements in successfully tackling threats.
Countless studies have shown that women and men gauge risk differently. For example, Byrnes et al. (1999) presented a meta-analysis of 150 psychology studies that showed that women are in some situations significantly more averse to risk than men. Research on Gender Differences in Risk Assessment: Why do Women Take Fewer Risks than Men? by Christine R. Harris and Michael Jenkins from the University of California, and Dale Glaser Consulting Firm, concluded similarly. It turns out that women are highly competent at assessing odds and the way this is evidenced is by women avoiding more risk than men.
Interestingly, the World Economic Forum has been tracking women’s perspective on risk for years, along with other factors such as age and types of organisations. You can see this when you play with Group Selection on the WEF’s Severity graph here. Knowing this ensures that all angles are explored and kept in mind when making decisions about how best to protect data and networks from malicious actors. Finally, research also tells us that having more women in a group raises the group’s collective intelligence. Therefore, if there are more women threat hunters in an MDR team, and the team is working collaboratively, it will undoubtedly improve the quality of the output.
Ethnic diversity ensures a broader range of perspectives, cultural experiences, and problem-solving approaches within the team, leading to more effective threat detection and response strategies. One of the key advantages of ethnic diversity is the ability to better understand and anticipate threats targeting specific communities or regions. Cybercriminals often exploit cultural nuances, language, or social engineering techniques tailored to target specific ethnic groups. By having team members from diverse ethnic backgrounds, an organisation gains valuable insights that help them stay ahead of emerging threats and devise appropriate protection measures.
Ethnic diversity also fosters creativity and innovation within an MDR team. Different cultural perspectives and experiences foster fresh ideas and alternative solutions when tackling complex cybersecurity challenges. By encouraging open dialogue and embracing diverse viewpoints, teams can benefit from the richness of multicultural perspectives, enabling the development of robust defence mechanisms.
Furthermore, ethnic diversity in an MDR team helps build stronger relationships with clients and stakeholders from different backgrounds. Clients who belong to specific ethnic groups may feel more comfortable and confident working with a team that reflects their own diversity. This trust and cultural alignment can foster better communication, collaboration, and ultimately, more successful outcomes in managing and responding to security incidents.
Moreover, diversity promotes cognitive flexibility and critical thinking. When individuals from various ethnic backgrounds collaborate, they bring their unique knowledge and experiences to the table. This diversity of thought allows for a more comprehensive analysis of security incidents, as different cultural perspectives may reveal previously overlooked patterns or vulnerabilities.
Having neurodiversity in a MDR team brings numerous benefits that enhance overall cybersecurity efforts. Neurodiverse individuals possess unique cognitive profiles, allowing them to approach challenges from different perspectives and contribute valuable skills to the team. This ability, when realised in an MDR team, offers a significant benefit in terms of enhancing problem-solving capabilities. Neurodiverse individuals often exhibit exceptional analytical skills and thinking patterns, enabling them to identify patterns and detect anomalies that others might miss. This heightened attention to detail can be instrumental in threat hunting and incident response, as it allows for a more comprehensive and thorough analysis of potential risks.
Another benefit is the diverse range of cognitive strengths neurodiverse individuals bring to the team. For example, individuals on the autism spectrum often exhibit excellent memory, attention to detail, and logical reasoning abilities. These strengths can be channelled into tasks such as malware analysis, data forensics, or vulnerability assessments, where meticulousness and systematic thinking are critical.
Furthermore, neurodiverse team members can raise creativity and innovation within the MDR team. Their unique perspectives and ability to think outside the box can lead to the development of novel approaches and solutions to complex cybersecurity challenges. By encouraging diverse thinking styles and promoting an inclusive environment, organisations can tap into a wider pool of ideas and strategies that can greatly enhance their MDR capabilities.
MDR team selection
So, when selecting an MDR provider, take the time to research the team. Check out its website and social media profiles for details on its employees’ backgrounds, experience, and capabilities. Additionally, ask about any diversity initiatives they have in place or whether they are members of any diversity initiatives. This will help ensure that the MDR provider is serious about diversity and has an inclusive culture.
Big brand providers typically have an advantage over boutique providers as they have greater economies of scale which enables them to invest in internal diversity networks and employ a larger, more diverse workforce. However, this doesn’t necessarily mean that boutique providers lack diversity as they often hire people from different industries, backgrounds, or who are neurodiverse. They can often have less rigid, and more personalised experiences, appealing to minority groups. All MDR provider should be able to provide you with clear details on their team composition.
Selecting the right MDR provider is an important decision for any organisation that’s looking to comprehensively protect their organisation. There are numerous factors to consider when choosing one, from technical criteria to contract terms, vendor independence and team diversity. Ultimately, you should select the option that best fits your needs and budget, with the primary goal of ensuring your cybersecurity solution mitigates your organisation’s risk. With the right MDR provider, you can be confident that you are taking all the necessary steps to reduce compliance failures and protect your organisation from the growing number of threat actors.
Now I want to hear from you…
If you’ve already invested in an MDR solution, I’d love your insights. Please tell me are there any specific diversity-related questions you wish you’d asked your provider before making the purchase?
Or, if you haven’t yet decided on an MDR provider, please tell me what are the burning questions you’d like answered?