The big cyber security problem you probably never considered
In an increasingly digital world, it's absolutely vital the IT industry comes up with cyber security solutions that work for the disabled.
We've all heard about the digital divide, and how important it is to make it easy for the poor to access our increasingly digital world. But there's another group that is even more digitally disadvantaged − the disabled. And a particular flashpoint for this marginalised community is the question of security.
The disabled make up a large group, with an estimated billion people (15% of the global population) falling into this category. Making the digital world accessible to these people has received a certain amount of attention in recent years, with operating systems like Windows having various accessibility options, such as speech readouts of pages.
The challenges of accessibility are by no means overcome, especially given the range of disabilities that exist. Aside from deaf and blind people, what about those with varying degrees of immobility, or who lack digits? One should also recognise that growing longevity means there is a greater population of older people who are likely to develop hearing or sight impairments.
But there's a new and pressing accessibility challenge: online security. How can the IT industry ensure disabled people can access their applications and information securely?
This is not a trivial issue given the digitalisation of virtually everything, including highly sensitive areas like banking and critical medical services.
In addition, increasingly stringent compliance requirements relating to information security are now being legislated and enforced globally − the Protection of Personal Information Act is South African law, with provisions for hefty penalties for non-compliance.
Another reason for the industry to focus on secure access for the disabled is that government is legislating greater inclusion of the disabled in business. For example, the B-BBEE codes give extra points for employing disabled people. Hence, as more disabled people are being integrated into the workforce, they will require secure access to the corporate network without complication.
All of this is playing out, of course, in an environment in which highly resourced and active cyber criminal syndicates are targeting corporate systems. Disabled people are particularly vulnerable, as they often rely on a third party to help them access sites with no accessibility features or options.
This remains a security vulnerability for companies with disabled employees and customers alike.
Daunting set of challenges
The challenge of secure accessibility should perhaps be approached within the context of accessibility generally; challenges relating to accessibility will naturally impact how security protocols are designed and used.
Accessibility information is typically conceptualised as a framework of four principles, summarised by the acronym POUR: perceivable, operable, understandable and robust. Many of the technology challenges faced by the disabled can be described by one of these four.
Perceivable: A website's navigation consists of a number of links that are typically displayed in a different order from page to page. This can be very confusing to, say, a blind or partially-sighted person. Solutions would be to provide text alternatives to non-text elements − these textual elements can be rendered as speech, in large print, symbols and braille. Information could also be displayed in consistent ways and a simpler layout, and time-based media could be avoided, or alternatives developed. Voice recognition has a role to play, as do keyboards and screen readers.
Operable: Some disabled people will find a mouse hard or impossible to use − a keyboard may be a better alternative. Making all functionality accessible from a keyboard is thus important for a number of different types of disabilities. Users also need to be given sufficient time to read and use content, and content must be designed in ways that do not provoke seizures.
Understandable: Consistent page design is an important principle here, as is the clear definition of jargon and acronyms.
Robust: The content on a site or application needs to accommodate access in different ways to allow a wide range of disabled people to use it easily.
Web Content Accessibility Guidelines (WCAG) are published and updated by the World Wide Web Consortium to guide how websites and, by inference, applications, are designed. WCAG 2.2 is currently available.
Call for collaboration
Developers and the IT industry need to more closely collaborate with organisations representing the disabled, to identify technologies and methodologies that will make it practical for disabled people to securely access the digital world.
For example, for those with vision impairment, fingerprints are secure and convenient, while facial recognition is less so − a criminal could use the disabled person's smartphone to pass the security check without detection by the phone's owner.
However, fingerprint scanning would clearly not be the solution for an individual lacking digits, or who experiences low mobility.
Going forward, considerations for the disabled need to be built into the initial design and software at the concept stage of technology development, as retrofitting may prove a costly exercise.
In short, there is no silver bullet to this challenge − it will require awareness, collaboration and concerted efforts to address properly.
Security solutions executive, iOCO Tech.
Paul Meyer is a security solutions executive at iOCO Tech. He has over two decades of experience in IT security technology, covering application, identity, perimeter and endpoint security. He commenced his career as a security engineer team lead and has held senior positions with multiple security vendors and ICT service providers in South Africa. In May 2022, Meyer was appointed to the role of security solutions executive at iOCO, where he is responsible for identifying, learning and bringing security solutions to market. The role is strongly focused on technically supporting the sales process and managing vendor relations.