FBI principles and employees’ mindsets provide key to cyber security: Miguel Clarke
The first thing to grasp is that all firms, of all sizes, are potential victims of cyber-crime. It’s naïve to assume otherwise.
As a former FBI agent, I’m pleased to be in the UK with Armor, a cyber security advisory firm, in partnership with Digital Craftsmen, as an evangelist for cyber security. In conversations with business leaders, we consider the theme of ‘Into the Mind of the FBI – Give Yourself the Advantage.’
This is a series of insights from more than two decades of FBI experience, and how FBI operating principles, and your employees, can help strengthen cyber security.
Let’s think about the context of keeping ourselves safe in our daily lives. We develop a set of behaviours and skills that keep ourselves and our families secure. These are learned behaviours and are actions we do by second nature. For example, putting on a seat belt; looking after our children when walking with them. These are so embedded that we do them without thinking.
Similarly, in cyber security, business leaders and their people need to learn a set of responses to cyber security which can support and protect, alongside the software solutions which exist.
Talk to any cyber security professional and they will tell you that it’s people who are the main problem, with 90 per cent of successful cyber-attacks starting with human error.
However, my FBI cyber security experience tells me that people - and targeted cyber education - are part of the cyber security solution, and not the problem. Education and behavioural change, for employees and business leaders, are critical components in the defence against cyber-crime.
Cyber security resilience demands situational awareness, calm observation and the application of the right remedy – a set of learned behaviours.
So, it’s important to develop a winning mindset. This starts with replacing the sense of helplessness that cyber-attacks create in us all, that we’re at constant risk and operating in fear of the next attack.
However, changing the mindset doesn’t happen just because people are asked or told to do something. It happens when the mental tools for a way of thinking, and for how to react and respond, are introduced, followed by practising them. This trains the mind and builds the mental muscle to instinctively know how to deal with cyber-attacks, from basic phishing emails to sophisticated social engineering attacks and whatever other threats cyber criminals are developing.
I believe cyber security is a doctrine, as much as a suite of software and technical tools. It’s important for business leaders and their people to understand the core principles that underpin cyber security. These are as valuable in their daily lives as their work lives.
Cyber security is therefore the combination of skillsets, mindsets and toolsets, which provides the best defence.
Miguel Clarke is a former FBI special agent specialising in cyber security. He is in the UK to host a series of briefings and webinars, including a breakfast briefing at the offices of Ascensor, Leeds and a webinar, today.