The increasing use of technology and social media have given abusers yet more platforms to target others with negative behaviour.
Harassment and abuse come in many forms, such as online, in-person, physical or verbal, creating an intimidating and hostile environment for the victims.
Human nature dictates that we must retaliate and ride to the support of victims, but that is not always the best way to deal with this kind of behaviour.
In an attempt to stamp out this toxic culture and beat the bullies, the Respect in Security (RIS) initiative aims to start a conversation and urges organisations to pledge support for a workplace and community free from harassment and fear as well as help those who have suffered or are suffering, to deal with the abuse a different way.
Additionally, RIS is looking to “arm people entering cybersecurity with the knowledge that their peers and employers are there to support them should they ever be targeted”.
The initiative describes itself as a place to “support victims of harassment, both online and in the workplace,” where stats have shown that a shocking 35% of cybersecurity professionals have experienced some form of in-person harassment, while 32% report similar abuse online.
To provide firms with a platform to combat the threat and give infosec professionals an indication of which employers support this view, the team at RIS is asking organisations to take the Respect in Security pledge.
In an interview with DIGIT, RIS founders Lisa Forte and Rik Ferguson discuss what the initiative is, why they have decided to do it, and how badly an initiative like this is needed in the security industry.
What is Respect in Security?
RIS stems from a Cyber House Party panel, where it became clear just how bad the problem of abuse and harassment has become in the cybersecurity sector and its true impact.
Personal accounts of harassment and abuse really hit home with attendees at the event, including Ferguson, who says he found them “supremely shocking,” and he knew something had to be done.
“I was not the only person who was having the reaction that I was having. This surprised, shocked, ‘wow, this is really happening’ reaction,” Ferguson says.
“After the event, one of the founders of Cyber House Party, Mark Avery, and I had a conversation where we were both saying to each other ‘What can we do?’ What can we do as people who do not suffer abuse really within this industry? how can we make a concrete difference to this and how can we do our bit to stop this from happening in the future?”
RIS says its aim is to empower people to voice their cases of abuse and harassment without “fear of retaliation,” and through their work, to expect an “immediate and respectful response” to their concerns, free of prejudice.
Forte adds: “One thing we decided was that we do not want to create a situation where we are asking people to report on other people and create that kind of culture because that is not really consistent with what we want from the industry.
“However, the one thing that every single person can control is their own behaviour, and so that is why we thought that [the initiative] would be a nice spin-off for the individuals.”
What is the scale of the problem?
Currently, infrastructure to protect people from harassment is insufficient, despite 82% of polled staff saying their organisation has policies and procedures in place.
Almost half (45%) said that their employer should be doing more to “ensure all employees understand what constitutes harassment and what acceptable behaviour looks like”.
Forte comments on the scale of the issue RIS faces, using her own experiences as an example.
“I think that the big misconception is of what harassment is. One thing I did not realise before I started getting subjected to trolling and other things online was just how diverse their MO can actually be,” she says.
“I have received online stalking, in-person stalking, I’ve had all sorts of types of abuse. I know other people have had death threats and rape threats.
“We had a person that came to us who had profiles made pretending to be him in order to essentially defame him and slander his name.”
- Invasive council algorithms “discriminating against Britain’s poor”
- Treasury launches £375m scheme to support high-growth tech firms
- EU proposals look to improve crypto asset transparency
As it stands, 16% of respondents to an independent survey conducted by Sapio Research on behalf of RIS research said they would not tell anyone if they witnessed or were a victim of harassment, either by choosing not to (9%) or because they are too scared to (7%).
Forte questions what impact high levels of harassment would have on someone vulnerable or struggling and isolated due to the pandemic.
She notes that how someone reacts to the abuse is important and that taking it the wrong way could potentially be life-threatening.
“I do not want to work in an industry like that. I do not want to work in an industry where that is okay,” she says.
What can we do about it?
RIS was born out of a view that security firms need to do more to protect their staff and to combat harassment, wherever it is found.
Alongside five people working within the securities sector wanting to make a difference, Ferguson and Forte have created a ‘pledge’ for firms to take.
“We are inviting organisations to show that they are committing their organisation and their organisational policies to build a culture, and an environment, free from harassment and free from fear of harassment,” Ferguson says.
Forte suggests that others make use of released RIS content, such as Facebook frames and backgrounds, that give them “a way of saying to the world ‘I promised to not engage in harassing behaviour online. I will not engage in hate speech or trolling people or abuse online or in person.”
The initiative launches today (Thursday the 22nd of July) at 10 am. Forte says, to get involved, interested parties can visit the website, which has guidance for ways to boost encouragement for their companies to take the pledge.
Ferguson acknowledges that larger companies are likely to have better systems in place to deal with harassment and abuse, but that the pledge takes it one step further.
“What we are adding to the Pledge will take it beyond the realms of the single organisation. We are asking firms not only to sign the pledge but to agree to make their grievance policy public.”
Ferguson continues: “At the moment, certainly in our industry — and I am not sure if it exists in any industry, [policies] are not in place, but I think it is a really important safety net to allow people who are being victimised to know that they will be listened to and that they will be taken seriously.
“I think it is also an important deterrent. If somebody is tempted to engage in harassing behaviour, and they know that they work for a company that has signed up to this pledge, I sincerely hope that it will make them think twice about doing so.”
Respect in Security | Be part of the conversation
The Respect in Security Initiative was set up to take a stand against all forms of harassment in Infosec.
RIS launches on Thursday the 22nd of July at 10 am. To find out more information, contact the team and get a copy of the pledge, head over to their website here.