
Zen and the Art of Cognitive Defense: Zero-Trust Mindsets and Cyber-Mindfulness - Anna & Christine

BSides Cape Town | 50:25 | 206 views | Published 2025-02
About this talk
This talk will delve into the critical findings from the speaker's Cyber psychology Master’s research thesis, exploring the human susceptibility factors to social engineering and deception. It will touch on how scientifically evidenced mindfulness practices can effectively 'patch' many (23 out of 33) of these human vulnerabilities. Additionally, we will share practical insights from a 1.5-year journey into implementing a cyber mindfulness campaign at Nedbank.

I previously wrote about how I failed a phishing simulation test during an Uber ride and how this led me to research human susceptibility factors to social engineering and cyber-mindfulness. I wanted to dig into the real reason why I clicked on a phishing email as a security person with 22+ years of experience in cybersecurity. (By the way, the Uber incident was not the only phishing test I failed - there were quite a few more examples). My theory back then was that it wasn't my lack of skills that made me click, but rather a distracted and multi-tasking state of mind. And some initial research confirmed this theory. Motivated by these findings, I decided to make this question the focus of my research thesis for my Cyberpsychology Master's program.

The talk will provide the key highlights from the thesis, such as:

1. Findings from the literature review to identify factors contributing to susceptibility to phishing and SE. Factors found were classified into cognitive, behavioural, psychological, situational, and demographic categories.
2. These were then mapped against validated benefits of mindfulness—such as improved attentional control, enhanced meta-awareness, reduced stress, and emotional regulation.
3. Existing literature covering mindfulness in cybersecurity specifically confirmed that participants who underwent mindfulness training were better in detecting phishing attempts compared to control groups, indicating a clear link between mindfulness practices and reduced susceptibility to SE tactics.

Through interviews with 20 experts in cybersecurity and mindfulness and using inductive qualitative analysis, themes and categories related to the integration of mindfulness in cybersecurity awareness programmes and general organisational settings were identified. While the interviews confirmed many of the theoretical benefits, they also uncovered significant challenges, such as resistance from employees to terminology, ensuring consistent adoption, difficulties in communication and quantifying the effectiveness. Based on the findings, I recommend a companywide culture shift to one that favours deliberation over immediacy and one that integrates mindfulness into the broader organisational and cybersecurity agenda. Lastly we will also share some real-world examples of organisations that have embraced this concept, such as Nedbank.

About the speaker: Anna Collard

Anna Collard is the SVP of Content Strategy and Evangelist for KnowBe4 Africa. She founded Popcorn Training, acquired by KnowBe4 in 2018, and holds a Master of Science in Cyber Psychology, alongside various security certifications such as CISSP, CISA, CIPP/IT, ISO 27k and PCI DSS QSA. Recognized among the Top 20 Women in Cyber (2024), she also won the Global Cybersecurity Women of the Year Award (2023). Anna is a member of the World Economic Forum’s Global Future Councils and co-founded the MiDO Cyber Academy Programme, focusing on closing the cyber skills gap in underserved communities.

About the speaker: Christine Gordon-Bennett

Christine Gordon-Bennett is a passionate, creative, energetic and enthusiastic cyber security awareness expert currently working in the CISO Office at Nedbank. She has a passion for helping people understand the value of safe cyber security practices and educating them on human behavioural changes to avoid being the target in a cyber-attack at work, and in their personal lives. Christine has thoroughly enjoyed developing and implementing a comprehensive security awareness programme at Nedbank over the past 8 years. Cyberpsychology, understanding human behaviour and the role mindfulness plays in securing organisations and the community is a topic she is deeply passionate about. Christine is Project Management Professional (PMP) certified and holds her Security Awareness Professional (SSAP) certification through the SANS Institute.

Thanks to our AV sponsor Tenable for making these recordings possible.
Transcript

okay well good morning everyone thank you so much for for having me my name is Anna Collard I work for a company called KnowBe4 and we specialize in the human risk factor and um I get around a lot uh so I travel quite a bit uh which is also why I brought my kids with me this morning so they can actually be here because I'm based in Cape Town and I have to say that out of all the conferences that I get to see over the year BSides Cape Town is my absolute favorite and it means so much that I can be here today and thanks again to Charles and the organizers for pulling this off it's amazing

um and I'm also super happy because I'm I'm here with my friend Christine who traveled all the way down from Joburg Christine works at Nedbank and we are going to talk about something that we both really passionate about so yeah thanks so much enjoy the ride um before we start off I wanted to show this picture maybe by show of hands who's who's seen it some of you have so a couple of weeks ago months ago we had uh this hurricane in in Florida called Hurricane Helene and um obviously a lot of people actually all of our team and because our team is based in in Tampa Florida they all had to get evacuated and there was obviously

obviously a lot of um media making the rounds and one of those pictures that went viral was this one um and you know it's obviously full of emotions I mean you can't get better than that with a puppy and a little girl in the rain and and people just shared it like crazy it's so obviously a deep fake I mean the pictures that went around if you look at the the second one here it's got the girl has six fingers the the color of of the boat changes you know and it didn't it didn't take a specialist to point out that this is not factual but the fact checkers did point it out and what

happened people still shared it they said that we don't care that it's fake it's it still represents what's happening it it represents what what I believe in which is that the government has failed us and sort of you know and and why I'm sharing this is because it it's it's so important to to remind ourselves that people love to share stories particularly when they're emotional and they actually don't care whether it's fake or not um and it's very dangerous because from a just from a sort of human humanitarian point of view it means that it takes attention away from the areas where they really needed help um also from a nefarious point of view I mean

all you guys know if social engineers use that they can you know like get people to pay money or donate money to fake uh fundraisers scam them you can influence people so this this whole fact not that this is a deep fake or that deep fake is a problem which obviously it is but it's the human nature of wanting to share stories that resonate with our inherent biases um and Churchill actually like 50 years ago he already said uh you know what lies can get halfway around the world before the truth has time to put their pants on and and I think this is more true today than it than it ever was and the danger is actually not so much

the speed of of the digital world that we live in it's it's our brains you know it's the the stories that get in our brains and how we interpret those stories and that that really leads us to sort of the the theme of today which is cognitive warfare and how not just nation states but anyone really can use the this power of influence and manipulation to get people to do things that isn't necessarily in their best interest and I'm not just talking about cyber criminals by the way I'm also talking about nefarious advertisers I'm talking about algorithms being used by social media platforms that purposefully know this and use it to keep children glued onto TikTok I mean if you're a teenager

and you tap into TikTok s you know show me something inspirational the algorithm will in time serve you with you know why are you looking for something inspirational you must be depressed so let's serve you some more suicidal uh ideation content because anything that's sad actually keeps you glued for longer um and I find this is actually much more dangerous even than your your little Nigerian scammer that's trying to to get us to you know I don't know click on stuff um so it it really you know this this this whole world that we live in and I'm I feel very very passionate about because I have two children they're not on online yet and I will try

and delay it for as long as possible um for that exact reason because we have to build that cognitive defense against this world that we live in we have to help them to build up um a level of street smartness and I always when I speak to journalists I I tell them you know you wouldn't send your kids out and and sorry Christine no offense I wouldn't send them to downtown Joburg um by themselves at night right but that's what we do when give them like smartphones and say go wild on TikTok and Instagram and you know converse with this the financial extortionists etc anyway but there is there is a solution to that that that we believe can

actually help build that cognitive defense and um that's why the title of the talk is is Zen and uh cognitive defense and when we um talk about Zen mindfulness etc you know many people have different sort of interpretation of it but I want to like really simplify it and do a very very short mindfulness practice with you all if you indulge me you don't have to participate but um you're welcome to participate just to show you how easy it is to actually like program your minds or debug your minds to build up a what I call a present state of mind that actually gets you to be more productive more focused but also um protects you against

manipulation and so anyone that wants to participate I invite you to take a deep breath through your nose into your belly you're welcome to close your eyes for this and sort of feel your belly expand with the inhale and then deflate with exhale let's do this one more time and deflate and now um when you open your eyes can you find three things in the room that are white and silently name them

and uh and next can you find two different things in the room can you differentiate them that you can

hear and sorry thanks Jo and then uh lastly can you um focus your attention on something that you can taste maybe the coffee or whatever you had earlier good and this is like all it takes it's like a very simple exercise to bring us out of our mind back into our bodies connect with our senses and this is present like you know more present and while I have you being more present another mindfulness technique is called intentionality is um again you know if you indulge me you can close your eyes for this but ask yourself you know why are you here like what is the intention of being here is it is it to get inspired is it to meet more people

is it to expand your network or is it maybe just to have fun or maybe all of these things together that's the why and then ask yourself how do you how do you want to get to that by the end of the day how do you want to show up to achieve that intention and if you then silently tell yourself okay I'm here because I want to have fun I want to expand my network I want to learn and I will show up being fully present I want to be there when I talk to my peers I want to listen to the the talks that I will participate in and and I want to really have fun and by the

end of the day I come home and I feel yay this year was amazing amazing because I attended BSides that's another mindfulness practice called intentionality and it's really powerful when you do that before meetings before big events um and and it actually has nothing to do with what people think you know is any talking about yoga or whatever no those are just mind techniques that help you to program your minds and obviously I'm I'm hoping that we get our kids to learn this in school um to enhance their critical thinking and their cognitive defense and this is really um what what we're going to share today so I'm going to talk about the theory and then Christine will share how

they've actually implemented that type of campaign in an environment um that you wouldn't associate with this at all uh at Nedbank um for the last 18 months so again the people in the room that know me apologies you would have heard me talk about this a million times but it's such a pivotal experience um you know like I I said that i' I've I work in human risk management I've actually worked in cyber security for more than 20 years and I spent the last 10 years focusing on security awareness and training people not to fall for phishing emails and all of that stuff but um about 2 years ago I was sitting in an Uber car and um here in Cape Town on the

way to Claremont to pick up my car and it was after dark and I was talking to the driver um I was packing my rock I was also checking outside for any dodgy characters and I was checking my emails at the same time bad idea because in that exact moment I got this particular phishing test it was just a simulation and it's very obvious you know uses that low grade form of pressure um like seriously as a security professional I should have like spotted this from a mile away but in that moment I clicked on it and then um you know as a consequence or punishment however you want to look at it our um IT guys made

me take training that I've developed myself a couple of years ago and I'm seriously and then I'm like this doesn't make sense like I'm trained I I know how to hover over links and do all the good things um but what they also did which I thought was really clever and anyone that's running security awareness campaigns maybe you want to implement this as well is that they sent out a survey where they asked me you know what happened what state of mind were you in why did you click on this and I said this is really interesting data because we all work for a security company I shouldn't be clicking my colleagues shouldn't be clicking but we do and you

can see here in 53% of the cases my colleagues fail these tests not because you're not trained but because they were like me busy multitasking frazzled distracted um and that actually then um led me into doing this whole research journey and why I'm um here here's the the training program by the way they had to do um which I don't know if anyone is here from Sanlam which we developed with Sanlam um a couple of years ago and this is like KnowBe4's best hit training like we've had over 2 million completions across the world thanks Sanlam Yan will yeah Chris um anyway so so this is when I then said okay I want to really look at

this like this is much bigger than what we you know we we we keep training people for forever and it's not helping so I started the the research journey to read up about susceptibility models and what makes people vulnerable to manipulation to social engineering and there are a lot of really great models out there but they didn't cover everything so I I used the ones that were there and I I tried to simplify them into five categories um those categories each have multiple factors underneath them that make humans susceptible to manipulations and I'm I'll talk you through some of those so those five are cognitive behavioral psychological situational and demographics if we start on the

cognitive side um you know obviously you know we we've been you know like we animals right so in our brains um are all about energy conservation from a survival point of view it makes sense that we use as little energy as possible and that means that and it's very clever that our brains have developed this ability to think in heuristics and in shortcuts and what what is called system one thinking and you'd be surprised that about 80 to 95% of the the time and the day that's the mode we in it's like an autopilot you know when you drive from home to work you don't have to think about it um because it uses up energy if you have to

think about something really hard and that makes sense and most of the time but unfortunately there's also where the criminals or the manipulators come in and get us to sometimes make decisions or take shortcuts that are not correct cognitive biases is one of those examples that are heuristics those are those shortcuts and there's more than 200 cognitive biases that are documented in literature and from those there's just a a couple that that really apply in a cyber security world like for example trust bias you know again it it's it's easier to trust someone at first it's a survival mechanism again um and it's our default it's the human default that when we meet somebody when we see

something for the first time our default is to trust um so obviously that's a bias that gets abused um authority bias gets abused all the time but impersonation of of brands or or executives etc there's another bias that I find quite interesting because it really applies to us in IT uh called the Dunning-Kruger effect um and that talks to the fact that we think we are better better than we really are we know more than we you know we I work in security I work in IT I know this stuff and that's another bias where they get us um so anyway so there's a lot of these factors that apply if we if we bring it back to

my Uber story I definitely wasn't on autopilot you know I didn't have to check my phone while I was talking and doing lots of other things so I was in system system one thinking and that's what caught me but then there's also behavioral factors um the fact that I was multitasking terrible multitasking by the way if you take one thing away from this whole talk it's how absolutely terrible multitasking is and I know I'm a I'm a mom I'm a woman we get told to multitask we know we can't um I mean I always have to even back in the day I have to switch my radio off when I when I park like you this is

true and um the the the reality is that our brains obviously I can I can breathe and talk at the same time but I I you cannot do two cognitively effortful tasks at the same time like your brain switches from one thing to the next and every time it does that it again uses up glucose it uses energy it actually makes you feel tired um and unfortunately it has an addictive component to it and and obviously the devices and the Slack notifications and whatever they all feed into this and then we we and we've all been there right where at the end of the day you you think you've done so much but you you've been so active but

you haven't you haven't actually produced anything so we this world is like making us look at a million things at the same time but we not we don't actually get anything done so multitasking is terrible and it's proven particularly media multitasking it's proven in in and and and science that it it's absolutely terrible and it makes us much more susceptible and vulnerable to manipulation and then there's a couple of other things like access method I was on my phone um people are generally more susceptible to social engineering when they're on their phones probably because that's when they're out and about in multitasking it's a small screen um and maybe Dunning-Kruger comes into effect as

well thinking oh I've got an iPhone nothing can happen there right that kind of thing psychological factors are also at play um emotional regulation makes sense right a lot of these these um techniques use emotional triggers um so if you have a personality trait maybe again by show of hands who has heard of the big five um personality traits before yeah so not that many but it's it's if you work in HR and hiring it's quite a common kind of psychometrics assessment that in the past they used to do uh the Myers-Briggs nowadays the big five is the new de facto standard of assessing people's personality traits and there are five of them and obviously each of

us are on like a spectrum on all of them um and one of those traits is is what's called neuro um neuroticism or emotional sensitivity and if you happen to be high on that spectrum which I have to admit I am a little bit higher on a spectrum um so I cry with the adverts and I get like really you know um it's a problem because that means that if you are higher on that spectrum it's much harder for us to regulate our emotions when we get triggered we get like overwhelmed much quicker than someone they called like Obama by the way Obama no drama Obama he was very low on that spectrum which makes him you know calm under

pressure amazing if you if you have that if you naturally not like that you need to be aware of it and and work sort of against your nature um and funny enough that personality trait is also linked to self-control and actually also to success in life so if you're high on a neuroticism scale if you're too high you you know he screwed actually because um there's so many links from that one trait to self-control which self-control is linked to success in life and and again all of these factors play a role in likely we are to click on you know is um susceptibility to persuasion that actually talks to a trait that people have regardless even of their

personality traits it's just um it's more related to culture and some of us are just more gullible than others um and then things like mental illnesses conditions obviously also play a role your mood plays a role so it's interesting how those there's so many factors again that influence how likely somebody is being scammed manipulated influenced and in situation as well you know obviously if you and at that Uber story I was it was the afternoon I was hungry or hangry fatigued um our self-control goes down the the the drain when you when you're hungry when and to give an example for that you know in our office we have um this cupboard full of sweets and during the mornings and even

after lunch I'm like no I'm not you know I don't even look at it but in the afternoon my self-control is out the window and I eat the sweets if it's there um so just the situation um plays a a huge role um time of day distraction Etc but also then on the flip side the quality obviously of your awareness programs and your your um position of power ironically a lot of people think are the executives are more likely to click they're more likely to take risk they're actually not it's proven that the higher you up the rank the more you understand risk and the more careful you actually are and then lastly demographics play a

role age definitely um the the most vulnerable groups are your elderly as well as the adolescents why is that in adolescence um the brain development hasn't finished yet and that means again like from an emotional triggering emotional regulation it's much harder for a teenager to control to regulate and they and they obviously much easier manipulated and that's why and again I referred to them already those extortionists those Nigerian um scammers target teenage boys in particular that's their latest sort of target market because they know they're so easily manipulated with the financial sextortion scams um and then the elderly I think we know you know obviously there's neurodegenerative diseases that come into play but also isolation

loneliness you know if my my my dad-in-law he just got a call just a week ago I shared it with Christine because he wrote the whole story up this nice lady who who chatted with him over the phone and she was so friendly and you know and obviously trying to to scam him um gender there's no there's so many different reports that are so inconclusive so I decided gender doesn't play a role for the academics here all the literature if you're interested um and I highlighted just in red the factors that influenced me and my story and in green that sort of helped me not to submit my credentials um so there's positive and negative that but it also shows how

complex our behavior really is right human behavior because all of these factors are interdependent they influence each other and um it just shows how if we think about you know your traditional security awareness training we missing something here right like if if all of these factors are at play and those are just the ones that are found that are documented there's probably way more um but there's 33 that that are that are found documented and we probably in our traditional awareness training as well as some of the technical controls we we probably hit four or five of those you know level of awareness knowledge etc but do we really address things like mind wandering no um so the question then obviously is

is there a patch for that you know um yes our operating system hasn't changed in hundreds of years but maybe there's a patch for it and I believe there is and that patch is cognitive security um and there's actually a definition for that and it it means that you combining obviously we need to use emerging technology and then the techn the technological controls have to come first like you you want to make sure that the users don't ever get exposed to the manipulation for or as little as possible so you work with your technology but then you also bring in you're working with the human element and don't just think of them as the dumb

users or the weakest link which is terrible but actually look at them is well how can we cultivate more situational awareness with them and it's so important that certain countries that have been exposed to cognitive warfare over the last few years have actually identified cognitive defense as a national defense strategy um they say and this is the Ukraine Taiwan Finland you know they've they've all been bombarded with Russian propaganda or Chinese propaganda and they say that by empowering their citizens with critical thinking with cognitive security they actually hope to to um develop an immunity against this warfare and also it makes societies much more tolerant which I think is wonderful it's it's something that we we all need

and I think again we can learn from what they've done um I mean for example Finland they start at kindergarten level they start introducing critical thinking they make students then in high school read newspaper articles from five different publications and different countries to make sure that you develop that sort of analytical questioning mind um they also use um which I thought is brilliant is like the whole strategy of humor versus rumor or humor against rumor um that that Taiwanese one they um and you can see here this is actually their prime minister who they used as a meme during COVID you know when the toilet rolls toilet paper um there was like the

shortage which was like disinformation there was a campaign as not enough toilet paper and they responded with a joke where the prime minister showed his his backsides basically saying you know this is just a a rumor I don't believe in don't believe in it and um the Ukraine as well they use uh you know pop um culture like songs and and memes to disarm Russian um propaganda in um in Taiwan as well they have a uh they they use um a campaign where they invite the citizens to come up with jokes and memes to disarm um disinformation but then okay this is all cool how does the Zen the mindfulness aspect come into this and again I I I

tried to sort of you know demo very high level what does mind mindfulness mean but if we describe it um it really is being present being in the here and now without necessarily having a story about it or judging um judging about it and again I really deep dived into the literature and there's lots and lots of benefits of mindfulness for longevity for health for all of these good things but in the context of cognitive security what are the benefits of mindfulness that help us program our minds uh get this shielded up right and there's four categories mindfulness helps with stress reduction if you stress if you're anxious you're more vulnerable right um it helps with the situational present

meta awareness um it helps with cognitive enhancement and emotional regulation now all of those four factors or or four categories are incredibly important when it comes to addressing the susceptibility factors and if I then overlay the mindfulness benefits to those 33 susceptibility factors the amazing thing is and this is not me saying this is research you know this is like um evidence 23 out of the 33 susceptibility factors can be positively impacted through mindfulness practices and those I'm not talking about a 10 day Vipassana silent meditation retreat here talking about little five minutes a day that you can that you can do um and what's amazing about this is that if you then implement it and you

know we thinking about obviously in cyber security because you know again I give you an analogy like I met with his name is Yan he also works for a bank he's a typical uh Afrikaner from Joburg like the most genuine gold of the earth type of guy and he's like ah and I mindfulness you know like I can't like this is not so I said well Yan how about zero trust mindset he oh yeah I like this you know because that I like um and and I said okay well let's build the zero trust mindset um because it's really about zero trust in in obviously architecture it's about configuring systems to not trust anything before

it's verified but if you apply to the human mind it means also like you know not not absolute paranoia but like that's skepticism that kind of verification pausing before reacting and engaging intentionally so I was quite happy with that for a while until my son Harry actually he 10 years old he piped up and he said you know Mommy that's like trust is part of human survival we have to trust each other it's it's it's why we you know why we are where we are and it's not something you can take away and I'm like that's actually true um it's really critical for for human survival that we trust each other and zero trust as much as we love it in the

s space the end users hate it it's not a nice thing to to try and run a campaign on and also you can't expect people to be mindful all the time which is not what I'm advocating at all because it takes too much cognitive effort so so what's the what is it and then I thought about again if in real life you know when I fly to Joburg what happens with me automatically and I'm sure all the Capetonians feel that way is that you automatically become more vigilant like I love Jah

but you know like I work on CL Street I should probably be more vigilant but I walk around with my phone shouldn't in Johannesburg I'm like oh no like I can't walk around with my phone I put my handbag on the boots I like I always check so I I have this this this automatic kind of vigilance that that kicks in when I land there and it doesn't feel like extra effort because it's a habit you know I do it automatically it's a it's an unconscious Consciousness and that's really where we actually want to to go is is to say well how can we develop an unconscious Consciousness or an A a sort of

habit-based um digital mindfulness that people don't feel that they are stressed out about this and they have to like be paranoid it's more second nature that they realized automatically I'm being triggered by an emotional content this is like too soppy maybe I'm being manipulated can I slow down um that that Spidey senses kind of thing that that we can through drills and habits that we can get people to to build that um and then it becomes second nature and that's really um where I want to now invite Christine to come up on stage because she's going to share with you how we do that or how we can actually run this is in an organizational setting such as Nedbank

thank you

[Applause] Anna I'm just checking what I'm what I'm pressing here to move the slides there you go okay so so I'll put a picture of Anna up for now um and yes hi Christine Gordon Bennett uh all the way from Joburg um you know sadly um and it's always always so fantastic to come to Cape Town and you see now we get to Cape Town and we go it's like s wo the mountain you know and we get to look at the ocean and so you know we I mean like Anna sends me a message yesterday morning and says it's pouring with rain you know and she's got this crying face and I'm like woohoo

that is just the most that's the most amazing news ever because Joburg at the moment is like a heatwave it is so ridiculously hot um it's it's unbearable um and especially around about about any women that are currently like my age trust me the uh you know so down here it is absolutely fantastic so yes uh it's great to be here um and yes thank you BSides for having us uh this is yeah this is amazing I didn't I had no idea it was going to be this big it's my first time to a BSides Cape Town event uh and I will most definitely be back so so yes okay so where it all started um and

obviously there's the lovely Anna that that is there back in 2022 um you know that I think there was still so much stress in the system straight after COVID people were slowly but surely starting to come back to the office or there were some people that were you know needing to come back but the stress was there the stress the overwhelm people were just you know it was so difficult with um working from home and kids and traveling and and all the rest and you know needed something that was going to resonate with people for for um for Cybersecurity Awareness Month in October and so I had this idea yes I'm going to do an escape room and

I'll show you a cool picture of my escape room but just very briefly so yes did this amazing escape room but we needed an overarching theme we needed something um you know that was not just going to be about phishing or social engineering specifically it needed to you know to speak to um and also because October all of a sudden became this um focal point uh and especially I mean this wasn't just for Nedbank I think this was for across the world um you know mental health month all of a sudden really meant something so and we had our HR department that was going all out um you know to put on things for staff and

I said I saw this I saw this article from Anna and trust me in this article it was all about exactly what she's pretty much spoken about stress stress and overwhelm okay and how it was impacting people's cyber security and how it was impacting them and getting them to make more mistakes you know people were tired people were exhausted um they were distracted they were multitasking which is exactly like she said the enemy um but this is how people were getting scammed because of all of these reasons so I phoned her up and I said listen I love your article um and I need to use I need to use it and I think you'd put something in there that's that

talked to um something about mindfulness or calming I don't know I can't even remember all I know is I I'd I'd um I'd stolen something that I really liked from you so I phoned to ask if I could have permission to steal this um and anyway the next thing you know she got all excited and um over the phone and we'd already organized a talk and she was coming to do a talk um at Nedbank and we were going to talk about cyber mindfulness and we were going to we were going to um you know obviously uh get staff to understand this whole thing between emotions emotions mindfulness and how mindfulness could actually impact their cyber security because you

can see like everybody says like how has this got anything to do with cyber awareness okay you're coming to tell me about behaviors that I need to change um you know that can can that can obviously fix this so so yes um and basically Javad also joined us from KnowBe4 he was the one talking about social engineering Anna was the one talking about you know basically her Uber car story you know how many times I've heard the Uber car story okay she she even says she says should I say it should I say it I'm like you know what Anna everybody knows about it if you haven't heard it well now you have so so yes but

but it was so true and it resonated with staff and the minute she started talking about all of these emotional factors that were influencing us and making us make mistakes and this wasn't just from a cyber perspective this was also making mistakes at home making mistakes at work um you know and uh they could totally get that thing that oh my goodness this email is making me feel a little bit stressed and yes this is the reason why I'm clicking on it so they immediately saw um you know they they saw the connection so from there so then we carried on we went to our escape room sorry this is actually basically where it all came from I think it was

something about yes something about fighting cyber crime yes calm Minds fight cyber crime that's what it was so it was the calm Minds fight cyber crime and this is how we packaged it um and we obviously got people to come down we did a bit of a hybrid event we tried our best people were still not coming out of their offices they were still sitting at their desks you know or they were sitting at home one of the two but we did a hybrid event and we had over 5,000 people um actually join join the event and with fantastic feedback afterwards so just very quickly the amazing um yes this was really this was probably the

best one of the best events I ever did the every because you guess what it was so not digital there was nothing digital about it um it was all written on paper it was all physical you know devices that were put around nobody had to go on to anything digital and um you know it was such an experience and what we were actually trying to say to people is escape your desks Escape it and come and have some fun enjoy yourselves you know so forget about the stress um you know and and and come and do so so um this went down very well um so then 2023 beginning of 2023 uh you know and I I got very lucky

I happened to bump into our HR exec in the lift and it was my chance and you know you know when you bump into one of the execs in the lift you've literally got to have your speech ready you've got to have you've got to have what you want to say in that 15 seconds and you know it's got to be impactful and I managed to get her in the lift and I just I just said Deb you know I've got this fantastic idea um you know I'm in the I'm cyber security and and uh you know we've got this whole mindfulness thing and how it impacts our our um you know um what we basically doing online and

she's like that sounds amazing just like that you know she says speak to my HR speak to the the well-being team and set something up so I was like okay fine so phoned the the well-being team and they were having a road show in in a in a month's time from from when I'd spoken to them and the next thing they said well join us we were like okay cyber team's going to join the wellness the well-being you know the well-being road shows across the country and that's basically how we we got there and we arrived and you know and you could see staff were like what is this what is cyber awareness in the black the ladies in

black you know what are they doing here um with everybody else that was getting their blood pressure checked um you know yes exactly and their glucose checked and all the rest and then they we're getting all these well-being tips and we basically just punted it to them we just we actually took it out completely we asked them how are you feeling at the moment how are you how's your mental well-being and the minute oh my God I felt like an agony aunt um basically after like you know a couple of a couple of these sessions because people were stressed they were really stressed they were overwhelmed they were complaining about traffic they were complaining about overworking um you

know um just being pulled in every direction because of home and because of work and all the rest and it was then that the minute you started to ask them how that and then then you actually put the emotion and you explained why they're trying to trigger emotions and why social engineers are basically trying to you know trick you into into clicking on stuff you know and this is what and so that we showed them a bunch of different um like phishing campaigns all of those ones that would typically you know the urgency the uh the um oh goodness sorry the fear the you know you have to do this immediately you have to um your account's been hacked you

know all of those and we said what would you do in that that moment and immediately they were like we we would click we would we would totally click so I said well there we go and how did that make you feel it was all the emotional side of things so fortunately we started talking to about emotions how they how they could get hacked um we rolled out some of those cute little um mindfulness videos that KnowBe4 so so kindly created um and we got them to to watch these little videos and then we hosted lots of webinars and lots of talks um you know incorporating this whole this whole mindfulness and well-being side to

cyber and and people really really got it they you know the minute you start talking to them about themselves and what's going on in their lives and all the rest they immediately paying attention so instead of just having to go into a presentation saying yes this is a phishing and don't do this and this is a phishing characteristic and this is how you can get socially engineered they were actually concentrating on um you know listening to see oh yes that is making me feel an emotion that is that is triggering something so um hold on a second let me just have a look there yes okay so these were just this was just some of the campaign stuff

um it was from there that I obviously got asked to do a couple of presentations um you know at various forums I very very very quickly had to learn all of Anna's content um not quite like her but I had to reinvent like a shorter version and one that I could you know pretty much understand because considering she does have a Master's in cyberpsychology so so yes but um but yes so uh and um and it was adopted it was adopted um basically across across the bank um so so yes that was that was how um and you know and we've managed to we've just managed to to continue um reinforcing um cyber well-being and and

and just practical mindfulness tips and I think this is where it comes in as well is that we didn't say to them um you know exactly we didn't say to them take a take a day and go to a you know or take an hour and go and meditate or go do a yoga class or go for a massage because nobody can afford those number one and they can't afford them and they can't afford the time so all we were trying to say to them is just take 5 minutes at your desk Take 5 minutes at your desk just you know if it means if it means breathing take a couple of deep breaths uh if it if it means walking away from

your desk going and having a look outside the window or going and having a walk downstairs I mean fortunately for Nedbank in Joburg we have the most beautiful campus so we're very fortunate from that perspective where people can actually get away from their desks and they can go and they can sit in nature and they can just concentrate so the funniest story is like Anna's telling me about all of these things in the beginning and um she tells me that um you know when you get a little bit stressed to walk outside and just you know but don't take your phone so I said okay I'll try that so I tried it and I walked downstairs and I

sat on a bench outside and I'm like oh what am I supposed to do now you know where's my phone where's my phone you know because that's immediately what we go for um we never actually just take those five minutes to just stop you know just to calm down um and just to refocus because you constantly are if you're not there you're okay yes I'm getting that I'm getting the look um so so yes I'm getting the yeah it's time now so so yes uh you know and you can obviously see that I can ramble about this for ages but but yes but you know and then was also incorporating like other things like smells okay and I mean I brought

these up here just to give you I mean I've got I've got my own stickers guys I'm just saying Nedbank has their own cool stickers to go on laptops they not as fancy and as shiny and as gorgeous and maybe so tech as the rest because they have to be very green um but uh you know I managed to to get some of these little stickers and I mean I didn't even ask IT for permission um if they could stick them on their laptops um I just said stick it on your laptop stick this on your laptop so that like somewhere here where if you get stressed or something makes you feel an emotion have

a look at your sticker your sticker says and your sticker says emotions hacked take 10 seconds to breathe you know so it's it's just basically something that that will stop them from from clicking on that link if they feel that emotion is being triggered so yes there was other things for the people who like to play with stuff you know while they need a break Play-Doh I got the aroma dough it's got like you know essential oils in it and all the rest for staff they can sit and they can play with it it doesn't get all sticky and and go all over their keyboards and for the other people who don't like the Play-Doh but they they

like the scents you know it was like the calming oils that they can just put on their hands they have a sniff and it just reminds them that you know they must just calm down so trust me and guys it works for these people okay it works for me it works for me I mean let's let's be honest so so yes but you know and and staff like ooh this is something new and exciting so so it really has been it's been so much fun as well as it's been um uh you know like um a journey but but then the zero trust mindset came in yes because why because it sounds a little bit better than cyber well-being

you know zero trust mindset you know exactly again so so we've we also you know basically adopted that then I just remind staff I remind staff that you know the World Economic Forum has said this stuff you know I always open my presentations with a all about the the World Economic Forum Global Risks um and explaining to them why cyber security is so important and why it's so important that they focus on it and they focus on getting better at it but then you can back it up with with you know the mindfulness and critical thinking from World Economic Forum because World Economic Forum said so you know well sorry and Anna Collard said so um so yes why why do we keep

preaching I mean and this is this is something that that you see all the time I mean these are just recent articles from Forbes and Fortune um you know work stress is really impacting people and it's impacting um their behaviors it's impacting their work cyber security burnout I've just come back from the ISC2 conference um in Las Vegas I was very fortunate to attend that and burnout and stress from a cyber security perspective okay um is huge I mean it was one of the key topics that was discussed at the conference um so I mean and I think from a cyber security perspective I mean how many of you are are not stressed at all I mean you've

got the easiest jobs in the world you're never worried about any threats right no no new emerging threats and all the rest so so yes you know but but at the same time just for for the cyber security field this can also be applied to everybody else who's working in any of your organizations um and I mean especially like like ours in a bank so yes puppy cuddles so exactly like we started with this the sad the sad picture at the very beginning we're going to end with the this was us at the ISC2 conference uh you know we had been in workshops all day um workshops all day and we managed to get back to you know to the room

where we were um you know coming to hear about prize giving and all the special prizes and there was this whole booth that had been set up with all these puppies and you could all just go in and cuddle a puppy you know it was actually like the best thing ever so I mean this might be the next thing that I start implementing at Nedbank I'm just saying I'm not sure if I'm not sure if I'm going to get it right but you know every now and then if you just need to take a break I mean you think about what I mean your animals I don't know how many I mean I'm the biggest animal

person there is so you know if it had been a turtle I probably would have had a cuddle anywhere you know given it a but but yes and and there's Anna's gorgeous dog there's Bruno he's very special um so so yes I mean that's basically just looking at the various ways that we can get staff to to basically engage with these techniques that is not only going to help them from a cyber security perspective it's going to help them you know with pretty much everything it's going to make them more productive it's going to make them more focused and this is exactly just to recap on the benefits the stress reduction you know um looking at the

various ways that they can do things I mean we also implemented we let them very uh you know um try out a mindfulness app and you know the feedback was fantastic some people obviously like the scents okay or you know playing with something from a sensory perspective some people like to listen to to the sounds or to the music I mean I've got a mindfulness playlist on on Apple and I mean when I get to work and it's crazy busy cuz there's everyone there I mean I pop on my headphones and I've got mindfulness music in my ears and you know work just feels that much easier so these are the things that you know we we keep trying

to reiterate to staff to say these are the things that you can actually do in your lives and obviously getting a little bit of outside time so and I'm going to go through this very and I've spoken about most of them so exactly what Anna spoke about earlier um it makes sense and it's scientifically backed you know staff can relate they can totally relate to the messages that we are we are giving them um you know obviously working with HR and our comms team has been it's been very hard especially with communications um but HR has been an absolute breeze and I mean we now get invited to everything I've gone to every single road show the cyber team is invited

immediately I mean we are part of the the planning process um uh to to basically just go and and and and see staff look at budget's quite nice I do have a little bit of budget um or else I wouldn't be able to do all these fun things for staff um feedback through surveys asking staff and I mean this is another thing specifically when running phishing campaigns asking them why they clicked and giving them you know were you distracted were you distracted were you multitasking um were you stressed were you tired and most of the time about 90% of the time they will tell you that they are uh um you know that they are just overwhelmed like you know they

they they they weren't thinking straight and and they clicked on the link um but it resonates again with them giving that feedback for the next time um and we started to notice that a lot of our clickers stopped clicking um and then just making it fun um so yeah that's that's me and I'm obviously very try my best to have fun so so yeah but yeah thank you again I don't know if there's any questions and I'm very sorry I went over time I wasn't supposed to but um oh there's one more there's one more this is this is Anna's this is yours you can join me now yeah exactly so but just to to

summarize so social engineers manipulators algorithms they all tap into our human humanness really and our human vulnerabilities and but as as Christine so nicely said you know mindfulness mental well-being can really help us to defend against that and it makes us more productive more focused and happier at the end of the day thank you so [Applause] much