Cybersecurity divide

While we love doing “What the Hack,” some topics resist dad jokes, and this is one of them. There is a cybersecurity divide that breaks roughly along blue state/red state lines that persists in the United States. The cybersecurity divide is yet another manifestation of the cultural and economic divides that have existed within the U.S. for decades. 

Big versus small, rich versus poor, those who vote versus those who do not; these are the forces behind the cyber divide in the United States. You could lean on that old standby “follow the money” or you can talk about underserved communities–but it amounts to the same thing. Rural areas haven’t been where the money flows for a very long time and although that is changing because of technology, it’s not changing fast enough to help underserved communities deal with the ubiquitous and persistent cyber threats we all face. It is a similar situation in minority communities. 

There seems to be an antiquated view that unicorn companies have intellectual property and data worth protecting, and small to medium sized businesses don’t, but smaller third party vendors are often the way into bigger targets for state-sponsored hackers and criminal enterprises alike. 

Small and medium sized businesses have never gotten the same sort of attention larger organizations have. The compromise of larger companies with enormous amounts of consumer data like the credit reporting agencies imperil too many people for the government to allow them to be vulnerable. Everything and everyone is always going to be vulnerable to a breach or compromise. On the surface it makes sense that larger organizations get the big push for cybersecurity initiatives, but in the process smaller ones are neglected. The problem is we’re all connected, and only as secure as the weakest links in our cyber communities. 

Mom and pop shops aren’t the only issue. For example, there are thousands of independent accountants out there with a lot of sensitive information and no federal standard for how they store it, unlike for instance healthcare organizations that are regulated by HIPAA. 

Another issue is political. Many Americans are hostile toward federal legislation that mandates time-consuming and often expensive protocols. They just don’t have the extra money for it, and it is a third rail issue. 

Spotty access to broadband internet in rural and lower-income communities affects an estimated 30 million Americans, which contributes to anemic educational offerings on computer science-related topics, including cybersecurity. President Biden’s bipartisan infrastructure legislation allocates $65 billion to expand access and lower costs in underserved areas, but the underlying problem is that less access isn’t the entire story. 

Digitally underserved rural communities, minorities and the small businesses located there seem to exist in a technological redlined zone. Some of that “redlining” corresponds to areas that tend to be low income; if it’s a minority community they probably vote Democrat and if we’re talking about rural areas they vote Republican–but what they share in common are cybersecurity deserts. The cultural division of cyber served and cyber underserved breaks along economic lines. It’s the same old story, “follow the money.” 

The lack of trained cybersecurity professionals should also be noted. We’re approaching a shortfall in the millions. Cybersecurity positions remain open across the country, and the industry is plagued by high turnover and burnout. The workforce tends to be concentrated in regions where the technology industry is well established, which also exacerbates the problem in underserved areas.