Clinical psychologist Beatrice Cadet, Scientist Integrator at Netherland's Organization for Applied Scientific Research (TNO), draws upon multiple concepts such as 'learned helplessness' to explain why people still fall for phishing attacks despite the training. Beatrice emphasizes the need to factor in human behavioral traits and motivational triggers when developing social engineering solutions and training.

Time Stamps

00:49 -- Please share some highlights of your professional journey.

03:51 -- From a psychologist's lens, what do the social engineering trends look like? What can we expect in the future?

08:13 -- You talked about the need for socio-technical solutions to counter social engineering, and there are a lot of solutions out there. What are some of these solutions?

10:17 -- Unfortunately, we are in an environment where we have to be mindful, we have to be careful, and we have to prioritize. Your thoughts?

13:20 -- Do you think we'll ever get to that stage where humans don't have to worry about making mistakes; because we have great technologies that will cover us?

16:48 -- We are naturally not inclined to be proactive. Your thoughts?

18:56 -- You said, "I want to debunk the emotional aspects of social engineering. We need to be more pragmatic about it. We all fall for it at some point. But how to best avoid it and recover." Expand a little bit about the emotional aspects of social engineering.

24:35 -- From a psychologist's standpoint, what are your thoughts on the Zero Trust approach to cybersecurity governance?

27:37 -- It is so important that human psychology is taken into consideration by involving subject matter experts, such as yourself when training programs are developed. Would you like to add to that?

34:41 -- The more I think about it, it makes sense to have a Zero Trust approach. Your thoughts?

37:17 -- I'd like to give you the opportunity to share some final words.

Memorable Beatrice Cadet Quotes/Statements

"I think deep fakes are here to stay. They are likely to be used (by criminals) more and more."

"Social engineering can be approached in two ways -- using psychology, i.e., human manipulation to conduct technical cyber-attacks, and using technologies and technical tricks to manipulate people."

"Social engineering is nothing new, and we're still falling for the same old trick."

"Technology is being increasingly used to manipulate people even more effectively."

"When I think of social solutions, I refer to the awareness that comes with training. "

"With so much social engineering going on, we cannot expect everyone to always be at their best and ready to check everything."

"If you don't have awareness and mindset, you can do every possible training you want, it won't have the desired effect."

"People really need to understand why cybersecurity training is important; if you don't get their buy-in, the training will be ineffective."

"It has been shown in cybersecurity research that the reason why sometimes things don't work, or people still fall for phishing, is because they know that no matter what they do, or they think that no matter what they do, they will get scammed anyway."

"Beyond being well aware of social engineering campaigns and cybercrime in general, it's also very important to be self-aware, and to know your limits, to know that sometimes you might be overstressed and overwhelmed. And you're not going to be able to make the same type of decision as if you're perfectly healthy and mentally well-balanced."

"The only generalization we can make is that there are no generalizations that can be made."