We believe Armor’s approach to cyber security is a game changer.
It’s easy to go down the path of believing that the latest cyber security software will keep businesses secure, throw in cyber security training for employees, and that’s the job done.
From a compliance view, yes the boxes are ticked. In reality, it’s nowhere near enough today.
There is a simple question to ask yourself, how much do you want to be the one to explain to the board why your company has experienced a ransomware attack? Not much we’d guess, then continue reading this blog post because there are valuable insights to learn.
Introducing the Cyber Security Mindset, Toolset, and Skillset
Whilst Cyber security software is a critical part of building and keeping cyber defences secure, Armor and Digital Craftsmen advocate that today you also need to have a resilient Mindset which together with a specialist Toolset and expert Skillset – creates a virtually impenetrable defence against cyber-attacks.
The approach is spearheaded by Miguel Clarke, a former FBI cyber security special agent who during his 24 year career, faced not only cyber criminals but hostile nation states attempting to steal military secrets from the Pentagon.
Bringing this wealth of knowledge and experience into the commercial sector based around the Armor approach is a radical move for any cyber security company. It’s one many CISOs are welcoming with open arms because it brings a framework that once understood and practiced greatly enhances not only business cyber resilience, but also personal resilience in every aspect of a person’s life.
Miguel believes in our daily lives we develop a set of behaviours and skills that keep ourselves and our families safe. These are learned behaviours and quickly become embedded actions we do instinctively, by second nature. For example, putting on a seat belt; looking after our children when walking with them and keeping them out of harm’s way; locking doors when leaving the house. These are all learned responses, and quickly become things we do without thinking.
Similarly, in cyber security, business leaders and their people need to learn a set of responses to cyber security which can support and protect them, alongside the software solutions which exist.
Cyber-crime is an established industry in itself, with an income equivalent to the third largest global GDP, after the US and China.
1. The average total cost of a data breach in 2022 is $4.35 million.
2. More than 75% of SMEs do not have a cyber incident response plan.
3. More than 60% of SMEs will go out of business within 18 months of a breach.
Talk to any cyber security professional and they will tell you that it’s people who are the main problem, with 90% of successful cyber-attacks starting with human error.
The webinar shows that people – and targeted cyber education – are part of the cyber security solution, and not the problem. Education and behavioural change, for employees and business leaders are therefore critical components in the defence against cyber-crime.
Cyber security resilience demands several components: situational awareness; calm observation and the application of the right remedy. This is a set of learned behaviours.
Miguel focuses on a few linked ideas:
The FBI security mindset: Miguel shows how to adopt the FBI security mindset – a framework that involves understanding where threats are coming in from, how to recognise them, react and respond to them without the fear and panic which most cyber security solutions seem to focus on.
Adopting the FBI Approach – Develop Winning Mindset – Building Muscle Memory.
The Winning Mindset starts with replacing the sense of helplessness that cyber-attacks create in us all, i.e. the perception they are something we can’t (entirely) control, we’re at constant risk and operating in fear of where the next attack will come from.
However, changing the mindset doesn’t happen just because people are asked or told to do something. It happens when the mental tools for a way of thinking, how to react and respond are introduced, followed by practising them. This trains the mind and builds the mental muscle to instinctively know how to deal with cyber-attacks, from basic phishing emails, to sophisticated social engineering attacks and whatever other threats cyber criminals are developing.
This blueprint for success starts by not using fear as the primary message. Rather it focuses on the belief that everyone is capable of becoming personally and professionally resilient to cyber-attacks. Removing fear and replacing it with a positive message has been proven to increase the mind’s ability to learn by between 26% – 31%. Therefore, by removing the fear, the brain absorbs the information.
The Winning Mindset Framework adopts the approach developed by Allied fighter pilots in World War 2.
Fighter pilot mentality: In battle, fighter pilots need to understand and assess prevailing threats, and respond appropriately, at high speed. This is a well-developed and highly-honed skill set. The success of their approach relies on them ‘knowing’ less and ‘practising’ more.
The model adopted by Fighter Pilots is called OODA.
· Observe – see what is happening.
· Orientate – understand what is happening from different viewpoints.
· Decide – what to do.
· Act.
It’s a knowledge loop that helps you to respond fast, and to have control of the situation, rather than the cyber criminals having the upper hand.
Cyber security as a doctrine: it’s important for business leaders and their people to understand the core principles that underpin cyber security. Ultimately, these are as valuable in their daily lives as their work lives.
This doctrine is led by the following ideas:
· This approach takes the fight outside the house, to a neutral place where the fight happens. It’s about learning how to lure the adversary to a place where you have the advantage over them.
· Despite the technological barriers to cybercrime, the weakest point in many organisations can – unwittingly – be their people, who often, inadvertently, provide access to cyber criminals through phishing activities.
· Security software alone is not enough, education is key for business owners and this is where Miguel’s expertise and experience is so valuable.
Cyber security is, therefore, the combination of Skillsets, Mindsets and Toolsets, which will provide the best defence. It’s about learning new life skills, in the online world we live in.
Skills that will become as natural in everything we do as, say, putting a seat belt on in the car.
