Cyber Crime Junkies
Socializing Cybersecurity. Translating Cyber into business terms. Newest AI, Social Engineering and Ransomware Attack Insight to Protect Businesses and Reduce Risk. Latest Cyber News from the Dark web, research and insider info. Interviews of Global Technology Leaders, sharing True Cyber Crime stories and advice on how to manages cyber risk.
Find all content at www.CyberCrimeJunkies.com and videos on YouTube @CyberCrimeJunkiesPodcast
Cyber Crime Junkies
Emotional Firewalls: Mastering EQ to Outsmart Global Cyber Threats
Cybercrime Junkies Podcast interviews former NATO specialist and international intelligence expert, Nadja El Fertasi, about the role played by emotional intelligence in cyber security and Emotional Intelligence in AI.
We discuss emotional firewalls, learning EQ (emotional intelligence) and how it can stop social engineering attacks, how international law enforcement leverages Emotional Intelligence, and how it can be learned and trained.
Find more on Nadja here: https://www.thrivewitheq.com/
Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-446
Get peace of mind. Get Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com
Imagine setting yourself apart from the competition because your organization is always secure, always available, and always ahead of the curve. That’s NetGain Technologies – your total one source for cybersecurity, IT support, and technology planning.
🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!
Follow Us:
🔗 Website: https://cybercrimejunkies.com
📱 X/Twitter: https://x.com/CybercrimeJunky
📸 Instagram: https://www.instagram.com/cybercrimejunkies/
Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
🎙️ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
🎙️ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
🎙️ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast
Join the Conversation: 💬 Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!
Cybercrime Junkies Podcast interviews former NATO specialist and international intelligence expert, Nadja El Fertasi, about the role played by emotional intelligence in cyber security and Emotional Intelligence in AI.
We discuss emotional firewalls, learning EQ (emotional intelligence) and how it can stop social engineering attacks, how international law enforcement leverages Emotional Intelligence, and how it can be learned and trained.
Summary
Najah El-Farasi, an expert in emotional intelligence and cyber resilience, discusses the importance of emotional intelligence in preventing social engineering and fraud. She explains that emotional intelligence is the ability to manage one's own emotions and understand the emotions of others, and it can be learned and trained. El-Farasi emphasizes the need for organizations to focus on building emotional firewalls and creating a culture that encourages transparency, trust, and open communication. She also discusses the role of leadership in promoting emotional resilience and the integration of emotional intelligence into security awareness training. El-Farasi has developed an emotional firewalls toolkit and is seeking partnerships to scale and integrate it into existing security awareness programs.
Topics: emotional intelligence in cyber security, importance emotional intelligence in cyber security, balancing tech expertise and eq, emotional firewalls, learning EQ (emotional intelligence), how eq can stop social engineering attacks, how international law enforcement leverages Emotional Intelligence, why eq is important to technology, balancing technical expertise and eq, emotional intelligence in cybersecurity, emotional intelligence, balancing technical expertise and emotional intelligence, importance of emotional intelligence in ai, emotional intelligence in ai, how emotional intelligence helps ai,
Chapters
00:00 Introduction to the Importance of Emotional Intelligence in Preventing Social Engineering and Fraud
06:53 Defining Emotional Intelligence and its Role in Cyber Resilience
11:03 The Cultural and Behavioral Change in Cybersecurity
21:14 The Importance of Building Emotional Resilience and Trust
27:19 Preparing for Cyber Risks and Developing Emotional Firewalls
34:58 Integrating Emotional Intelligence into Security Awareness Training
39:13 The Significance of Fraud in the Current Societal Moment
45:41 Conclusion and Call to Action
Dino Mauro (00:15.052)
Join us as we go behind the scenes of today's most notorious cybercrime. Every time we get online we enter their world, so we provide true storytelling to raise awareness, interviewing global leaders making an impact and improving our world.
Translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award -winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and now the
Dino Mauro (01:05.196)
Now hang on, emotional intelligence isn't some elite, higher intelligence level that only a few can achieve. Far from it. Emotional intelligence is simply this. It's the ability to manage both your emotions and to understand the emotions of the people around you. And it can be learned and it can be trained and it's pretty easy to understand. Join us today and we're going to show
This is the story of Najah el -Farasi, a NATO emotional intelligence cyber expert, and how she is changing the world of social engineering. Well, all right. Welcome everybody to cyber crime junkies. I'm your host David Morrow and we have a very special episode today. We have a very special guest visiting us from overseas. We have Najah el -Farasi, the expert
emotional intelligence and cyber resilience with a focus on resilient leadership and her past experience has led her across the world. She's been an executive director with NATO as well as a coordinator with senior coordinator with NATO's communication information agency and has also served some time working for Ernst & Young as well. Welcome to the studio.
Thank you very much David and Mark for having me. It's very exciting to join from Brussels, the New York of Belgium. Yes, it is the New York of Belgium. And I would be remiss if I didn't announce my always positive, always fantastic, absolutely amazing co -host. According to my insincere things to say to coworkers app that I have here, Mark Mosher. Mark, welcome to the studio.
This is going to be exciting David. I think we found a guest after a hundred plus episodes That is more passionate about this subject than you and I combined I'm telling you this is going to be great. I'm telling you about that. You guys better buckle up. This is going to be a good one Yes, sir. I am passionate. Tell us about your time at NATO. Yes, sir So I'm a bit of a bad example of a student. I was 20 20 years old and I was studying in
Dino Mauro (03:28.27)
in The Hague in university, European studies. And I lived in the Netherlands. I just have to explain this to Mark. So these are schools of higher learning. So I just want you to aware of that. OK, go ahead. And that's where my journey in NATO began, 2001. And I went from five years in southern France, then
to working in the Hague and we were responsible for the interoperability systems between the several nations to make sure that they connect and speak the same language when it comes to coordinating missile defense activities. That's outstanding. touched on something that's really near and dear to me as well when you mentioned, you know, it's a behavioral change, right? Like it's, cybersecurity is not just, it's not about technology anymore. It's not about wires
and lights and how we defend against some brute force attack. It's a cultural change, it's a behavioral change. There's so much more involved now. Do you kind of get that sense? I think this is what social engineering is all about. My personal experience with social engineering goes years because obviously in NATO we were always a target and a person of interest.
social engineering is getting people to do something that's not in their best interest, whether it's releasing information, whether it's commercial espionage, whether it's getting access. And we see that this is what I think the pandemic helped me to focus because what we now see is that cyber was inherently seen as a very exclusive elite field, quite technical complex when you needed quite a lot of certifications. I think that is still definitely the case.
We have to see how it's going to be used with AI as co -pilot. But what we're seeing after the pandemic is this huge human attack vector. I mean, it's easy to say that the human is the weakest link, but we are in the sense that we are investing in the technology and the scammers. They don't even have to be criminal. They're part of groups that have associate services to scam at mass as well as we've known ransomware as a service.
Dino Mauro (05:49.154)
that then use people's emotions, because our emotions drive our behavior, get them to do something which is not in their best interest. And I think there's a lot of misconception when it comes to emotions, because especially people think, emotions, it's too emotional. You can actually have no emotional reaction and still be emotions. There are two distinctions to be made, for example, one thing that everyone has the same is what scientists calls
effect. So for example, Mark, you had a really bad night of sleep, maybe you three bad nights of sleep, and your energy, your body energy is low. So you're going to feel perhaps hangry, or you're going to feel a little bit sad and depressed. So you're not going to be able and to focus as much. But you also may attach stories to that, right? You may be more triggered or you may be more vulnerable to whatever the outside environment
This also increases the human service attack, but this is the same for everyone. But then we have emotions. that is also very cultural. So here's where I focus because, for example, if you work in a cultural organization where there is a high level of power distance, meaning that there is distance between the CEO and the management, and it's not necessarily fear, but you just don't use assertiveness skills. You don't question authority.
So what happens then, what scammers do often with CEO frauds, for example, then they impersonate as an authority figure. And if you have support staff or people in the financial sector who are very sequential in their way of working because they're dealing with numbers all the time, they're not necessarily going to address the assertiveness to question authority.
but they're going to do to address the fear. if you have a lead, this is why leadership is so important because if you are using fear, there have been studies done about that. People will do what it takes to reduce the fear and not to root cause. And then, then, so I think, so there's a, there's much more complex than that. And I think there are a lot of psychology experts that deals with social engineering. I keep it at a very practical level.
Dino Mauro (08:07.406)
because I think I shared this with you, David, when we talked about the MGM case where the black hat, the scattered spider group, as they call it, looked up LinkedIn employee and then impersonated an employee from MGM and fooled the tech support. We don't know necessarily what happened specifically, but there again, it shows that the manipulation of emotion of familiarity, perhaps the test
the tech support had a protocol, but again, maybe they are used to, I noticed from my time at NATO, when someone doesn't have access to their system, it's the end of the world, you have to do it immediately. and I think if we don't look, but then if that person in tech support, if you're going to talk about long studies, how the neuroscience brain works, they simply don't care.
and they won't remember even when it actually happens. So we really need to disrupt the way we do cyber security awareness when it comes to these types of attacks to explain it and to have people experience it in their map of the world. it's not necessary, and this is very counterintuitive for many cyber security experts because they tend to talk about cyber from a cyber perspective. If you really want people to change behavior,
do not start with cyber, you start with their needs, their map of the world, their values, and it sounds like it's a huge investment, but if you don't make this specific to your organization and rethink how your culture is contributing to the risk, because there will always be a risk, there are even vendors who say conquer human error once for
That's yes in my view because you can't you can't people will make mistakes exactly We are in agreement with that a couple things you were talking about the neuroscience component to it and when you think of social engineering or phishing emails what our understanding is that they appeal to the fight -or -flight instinct in us, right? They're trying to raise the cortisol levels so that our limbic brain is
Dino Mauro (10:29.314)
And the limbic brain has no capacity for language or reason or rational thought, but it drives behavior. And so then we're not even able to comprehend, you know, the, remember the training that we had or comprehend that I shouldn't be doing this. And it's part of the reason why they're why. Fishing emails have that sense of urgency in there. Like this is bad. It's going to happen. You need to jump on this right away or wire my nephew money or whatever
the attack might be, but by pausing and by breathing and by doing various other aspects so that you can lower your cortisol levels and your neocortex can begin functioning, which has high capacity for data and, you know, understanding vast amounts of data and reason. Then you can then recall your training, recognize that this is something that's against your interests or against the interests of the organization's brand that you serve. And
proceed accordingly. Is that similar to what your findings are as well? Yes, so that's a big part of it. to I think when we stop and when we breathe and when we are mindful, we kind of regain our emotion. So Andrew Huberman, who's a world renowned neuroscientist, explains this very well. When we have neutral emotions or even positive emotions, our focus is much
better because we feel less stress. But when we have negative emotions and then we're experiencing kind of then the stress we go in survival mode. being able to, and this is a very interesting example, David, there's also on the other side of the corn which I will come back, but imagine that there is a un -domestic tiger in the corner of each of our rooms. So in Kentucky, I don't know where you are, David, currently, and in the New York of Belgium.
There is an undomesticated tiger that is about to attack us. So whatever we will do, we'll to tell anybody now because I don't want the tiger annoying. You don't want the tiger annoying. We're going to use all our energy to survive. The main job of our brain, which may shock people, is not to think, it's to survive. So we're going to use our body energy to run away. The problem we live in this world today is the email from your...
Dino Mauro (12:56.3)
leadership or the email from your partner or the bad conversation with the contact. It triggers the same stress response. Now, can you imagine if you are constantly having this, I call or what experts call emotional carryover, you are going then to fall into chronic stress and then your focus levels are less diminished. have to stress in itself is not bad because it gets us into action.
But we have to be able to distinguish between a false sense of fear, which criminals and scammers use. For example, we saw this with COVID. We see this with tech layoffs. And I get loads of emails about job opportunities. And here is where positive emotions are used as well. Fear of missing out. Too good to be true. I get loads of amazing opportunities to participate in media paid engagement, which I can see
Gmail and there is like some numbers so for me that's already red flag. And so they also they are positive emotions which also then puts us in the lowers our defense mechanism and we pay less attention. We need to find the balance and the other thing is it's really about regaining our focus. I have an antivirus program installed and I get constantly alerts that connection is trying to enter my computer so I block
But imagine if you're not focused, the block and the allow function are next to each other. So you just have to, and that's not even a mistake anyone can make because we're just, so it is, and you cannot prevent it. Maybe one day I will, you know, if my son is here crying or something, I'm doing something at the same time because, you know, we're not machines, I can click on the allow. So also.
how we think about user experience in making software or products with digital elements more secure, but also in the way we use it is fundamental because we are going to use technology. There is always polarity, but thinking on how how can we reduce the human surface attack through technical firewalls, right? Through technicality and then teach people
Dino Mauro (15:11.316)
emotional firewalls, the practicality, understanding their triggers. If you're someone who and confidence plays a role, assertiveness as well. If you work in an organization where, or if you're not used to speaking up or sharing your view, then tailgating, tailgating is a classic example that's in the person. So, I'm sorry, just can you hold the door? Now, how many people say, actually, can I see your badge? wouldn't get it. No, because how will I be perceived?
This is also psychology. They've done many studies about. So, yeah. So people, don't mean to interrupt, but that reminds me of like people's personality traits, right? Like some people are people pleasers, right? And they, and so they would never question. They don't want to be uncomfortable. They're non -confrontational. They don't want to say, can I see your badge? Like you're it's raining out. You're outside. The person's carrying a box of donuts. They obviously want to get
Right? And so you want to be polite. You want them to be happy with you. They have donuts for Christ's sake. Right? So you want to let them in. So you're going to open up the door and then let them in. But that's how it's done. Donuts would work well with me and my son. That's a very interesting point, David, because so there's a difference between personality, which is usually fixed at age 17. And you can't really change.
Although there have been recent studies in psychology that have been done, through neuroplasticity, you can even change how you think and your personality. But emotional intelligence can be teached. So for example, people who tend to have low levels of assertiveness skills, which is one marker of the EQ model that I use.
they are likely to maybe suffer from the disease to please or more introverted and not necessarily feel comfortable the discomfort they feel with saying no. Here I say there's a difference between being kind and being nice. So when you're nice it usually comes from wanting to be validated, wanting to be pleased. When you're kind it's more character. So I'm also Dutch in my nationality
Dino Mauro (17:27.147)
I'm very kind, but people don't play with me. And I don't say this from a fear perspective or arrogance, not at all, but you can teach people how to question with kindness and respect. It doesn't mean, and a lot of people have, depending also the culture and how they grew up in their thought system, they have this dichotomy. If I say, I thank you very much, but out of policy, can I see your badge or where do you work? You can be very kind about it.
the person will either show their bags or come up and excuse and then can say, and I had an American friend who actually many years ago showed this perfectly where someone was trying to get in the door and she was very kind and diplomatic. She said, no, sir, I'm afraid you will have to wait until the elevator until your host opens the door. And then she let me in. And I think, yeah, and here's where you need to have healthy levels of self -regard because what scammers
or people who don't have your best interest at heart, they will try to make you doubt yourself. And if people don't feel, and this is where, I think this is where the link with emotional intelligence is, if you don't feel complete in yourself, good in your skin, then no matter if Mark tells me, Nadia, I really don't like you, I will say, well, thank you for sharing your view. You have a right to think that I like myself, but I respect your view, right? And this is where you need to teach people to actually not,
And this is a very sensitive topic because I think the pandemic has also brought up a lot of these issues working from home now and the stress we face and the loneliness we face and I'm big passionate and advocate for mental health as well, which I write about a lot. So these things are no longer to be treated in isolation. If we truly want to create a safer, secure online working world and society.
you need to be able to connect the dots. The Dutch. That wasn't for me to slip. So how do organizations work on bolstering their employees' emotional firewalls? So in my case, I use a system. So I meet businesses where they are. The system is a known system, which is preparedness, resilience, and readiness.
Dino Mauro (19:49.068)
And inherently for many decades, businesses have focused on optimizing processes, optimizing technology to ensure a high maturity level within these areas. However, people are not processes or technology to be managed. Change happens to us, disruption happens within us. It's in the most more process. So from a preparedness phase, and we see this now with the regulation that is not only in the US with the SEC regulation that is coming into force or has come
in October 2024 will hold management entities liable for cyber breaches and disclosure. There are caveats of course. is that? I'm sorry. Where is that? So this is the NS2 directive that is in Europe. And it's kind of, it's an add on from the previous directive where it says that there is also more stringent monitoring and requirement for management to be
And then they are now they reached political agreement on the Cyber Resilience Act, which is expected to come in force in January. And then any organization who wants to bring a product into the European single market has to be able to show that any product with digital elements is cyber secure from cradle to grave, which is huge because as a software producer or product producer.
You can only guarantee the risk so far because then you have consumer risk as well. Can I ask, will that involve software makers and SAS program makers having SBOMs, like having software bill of materials kind of like a cereal box, like the ingredients? Well, they formed kind of a technical consortium
recommend not counting SAS in it as well because this will involve a lot of complexities for them because they will not be able to guarantee. I know this from my time when I was involved in the kind of revisited the NATO capability development program because it took 16 years to develop capability. But with the cyber challenges and this short tech cycle, the requirements were already obsolete after three months.
Dino Mauro (22:10.254)
Speed was really necessary. And then the other problem was the user requirement. So when you apply this to the business world as a producer or as a manufacturer, so this is typically valid for the manufacturing industry, but it's going to be very difficult to show that they are going to have 100 % responsibility because even when there was another, I read this, think in your newsletter, where MFA
was not installed. They are not giving this an option to their clients. And I was also involved with a client where the customers refused to install MFA because it was too much hassle. So here we deal with it. They didn't the users to be inconvenienced. So these are things, for example, we work with a stakeholder engagement action plan to engage regulatory bodies ahead of time. Don't wait until a breach happens.
but understand their map of the world, engage. This is where here we have a lot of lobbying agencies as well, but really understand how the current processes and policies are actually shaping your emotional resilience, right? You can have policies, for example, don't reuse passwords, use MFA. From a preparedness level, how are you checking that this is actually done? How are you incentivizing people to do it? Exactly.
Then the resilience is the cultural. How are you building a culture where fear is replaced with incentive, with transparency, where people celebrate when something, say something, right? Exactly. Where you encourage, you reward employees for bringing up anomalies and things that they see, that behavior, things like that. Yeah. And when they do make a mistake...
this is a huge problem for businesses to report it immediately without feeling stupid or judged or disciplined. So to have a system in place that actually celebrates, there are even some CISOs who celebrate and it sounds counterintuitive, but we all know from a security or an IT perspective, the earlier an anomaly is reported, the much better damage control and containment organizations can implement.
Dino Mauro (24:31.682)
And then from a readiness phase is actually with combined preparedness and resilience, how ready are you to actually face? Because there will always be known risks. So risks that company already knows how to do, roles and responsibility, how people will act. Even if you have a kill switch, for example, it still comes with a lot of pain, pain of business disruption, pain of recovery costs, pain of still the data that you have lost. So really understanding how well
are you, I like to use this example that was used in the Harvard Business Review, when you climb up a mountain, you prepare yourself and you're resilient, but inevitably, you will have unforeseen things coming your way. As a team, how are you prepared to think on your feet to work as one team? Trust is very important to mitigate these risks. And from a psychology perspective, our brain is quite geared
dealing with risks as they come if we stay present in the moment. And I'm not talking about woo woo presence. I'm talking about focus because when you are facing a lot of challenges and pressure and if you're someone who has low levels of stress tolerance, you're going to project in the worst case scenario, you're going to stress out, want to stress everyone around you. You're losing your focus. Your brain won't be able to come up with, you know, this is where we go into stress of flight
So these are all, this is an interesting and proven system. So it's known framework. Dr. David Shatterjee also wrote a book about it, but I use it more, I didn't invent the framework. I just use it as a model where I use the emotional intelligence model that I use to fuel the emotional resilience in all of these areas. So how well are your processes going to be implemented? How well prepared are you?
reduce the risk as well and not only very important part of preparedness is reducing the human surface attack is teaching people about emotional firewalls, teaching people about how not to get scammed through emotional self -awareness and doing this in a safe space. So understanding that okay I know these are my triggers, I know this is my blind spot so I am more susceptible to these kinds of scams. So I know that now in advance how can I prepare
Dino Mauro (26:58.114)
How can I feel the fear but not as intense as if someone would pressure me? So these are all the things that are quite uncomfortable for businesses, right? But when I use scenarios and in very fun way, people then move from awareness because you can perceive something as an issue. It doesn't mean necessarily that you understand it, that you're going to act on it to do something different. mean, so the efforts are always geared to raising awareness.
moving to understanding and giving the tools to implement that understanding to do something differently that is more cyber hygiene. Absolutely. And it's directly related to best practices of cybersecurity today because so many of the breaches are caused by human error, right? Or human interaction, right? Whether it's intentional or it's negligent. And so addressing these emotional firewalls within
And having that model helps both the external threats from actors and also insider threats for organizations. Exactly. And one thing I wanted to mention as well, when you look at the Uber data breach in 2016, Sullivan spoke up recently in an article. He was just at Black Hat Europe, right? Speaking about how he didn't do anything
and he had to kind of say, he had to bring it to everybody's attention. Well, this is where he spoke about transparency. But again, there may be some truth, or we will never know because we are outsiders. mean, we all know how it goes. And I think that there's also legitimacy to keep some brand reputation. But I think when we look at it, what are the lessons learned? Now, from a preparedness perspective,
when we look at incident response plan is often seen at the lower level at the technical level right now i have to know what to do it's a truck when you look at crisis management plans is also seen as i don't have time for this because i'm dealing with my crisis is anyway so when you do have to stable top exercises they're not really engaged but here again we see and and classical example where even if processes were followed and according to to solace and that he did
Dino Mauro (29:22.316)
report to the CEO and other relevant stakeholders within the organization to enhance transparency, it didn't necessarily prevent or reduce the breach. So this is something where the leadership, this is where I also work with C -suite, is to create a less silo based approach. And I don't necessarily start with cybersecurity at all.
but really create a better alignment between them to understand, you know, what are their bottlenecks because when they are closer and when they work well together, then you have what happens when we take off our labels, our identity, then I will see Mark as Mark, not as an expert or David as David, not as the cyber crimes junkie podcast. So I see you as an actual human being.
who I trust, have a connection, a relationship, and then when S hits the fan, we trust each other. We don't necessarily have to, and this is a really important point because often we think, ah, emotional intelligence is all about touchy feeling, we have to like each other. Some of the people I trusted the most are the people I dislike the, I like the least, actually. But I trusted, I trusted them 100%, and I would wanna be in a crisis with them.
even if I didn't like them, then with someone I liked because I knew that they did not have the emotional backbone or the sound judgment making, decision making skills to do what is right in case of pressure. But I did know the other person who I didn't necessarily like would, you know, have people's back and would be very calm, collected, cool in times of pressure. And this is how we want to see this as well. It's not necessarily you want to have leaders
that people trust, right? You have to work well together, obviously, and respect is important. I think constructive conflict is important as well, resilience as well, not to take everything so personal. But you want people, you want to be able to trust it, that if something happens that they know what to do, and then you don't have to explain, because during a crisis, we all know, you don't have time.
Dino Mauro (31:43.434)
to explain what you're going to do. You have to make quick decisions, but you can train yourself. You have to have these uncomfortable discussions and sort out any issues you have between each other before something happens. And you can do this in many ways through training, through facilitation, through individual coaching as well. Often the real work starts when people are reflecting.
by themselves.
Yeah, so I just released currently and this is part of my vision. So my vision is to actually build with partners an emotional firewalls Academy. And we basically have all these, you know, the technology, the immersive technology integrated in scenario, because how do people change behavior? We have to use our senses, right? This is when we feel the intensity of the emotion in a safe space when it actually happens in real life, we're much better prepared.
This is our technique is used for firefighting, for training, for training. we role practice. Exactly. So it's really understanding to stay, for example, you know, how do you deal with a difficult customer to understand that you're not your emotions are not going to get the best out of you. So I've now developed a standalone online course that is fraud prevention, which has social engineering and phishing scenarios
but it really focuses on the human behavior. So I definitely see a potential and opportunity to work with, to integrate this when people do, you know, when you have these phishing simulations, so you have a better, I think the phishing simulations are good in a sense to give you situational awareness, but they may not necessarily be the best tool to drive and incentivize behavioral change, right? So you can use that data to see
Dino Mauro (34:04.93)
which specific phishing type or how people's behavior, time of the day, et cetera, to have more data than to design scenarios using emotional intelligence to train people. And what is interesting about emotional intelligence is people like it because not necessarily they like it because they will be more cyber hygiene, but they will be happier because emotional intelligence is basically better understanding ourselves.
So we can feel less stress, more focused, better relationships, more, you know, higher quality of life at work. And, and this is how you get, and it speaks to their needs. So when you link it to, to their map of the world, then basically you are integrating security as a way of life, but not making the security, the predominant factor for the training, but the emotional intelligence, emotional firewall. That's absolutely fascinating. So you, you mentioned in some of your emotional firework.
of firewall work, you pointed out like PWC's global economic crime and fraud survey, the recent one from just earlier this year, late last year, it showed that 51 % of surveyed organizations say they experienced fraud in the last two years, which was the highest level in 20 years. So what does that indicate? what, you know, in cybersecurity, we talk all the time about these data breaches.
We don't always talk about the amount of fraud that goes on, right? The inside fraud, the personal, the direct criminal to consumer fraud. What are you seeing? What is the significance that that statistic that you point out showed? Well, I think that there are several dimensions to it when it comes to fraud. when when criminals or scammers perform data breaches.
They have multiple motives, right? It can be stealing information for commercial espionage. This is also a type of business fraud. Absolutely. can be targeting employees that have access to privileged information. This is actually what we, I don't know because I'm not insider, but what happened with Jack Dexera is this was a young man who had privileged access to highly
Dino Mauro (36:30.68)
classified US international information who perhaps was, you know, in a way peer pressured or fraud in releasing it in the discord channel. So understanding what drives fraud falling for fraud's behavior. Big, think a big portion of the reference I referred to was more related to pension fraud, elderly fraud, romance scams. Unfortunately,
We think that no one will fall for a romance scam, but we have to think twice because I mean, this is where the mental health and the loneliness comes in and organizations should pay attention because when you have people who have access to your networks and they are working in isolations or they feel completely underappreciated or a lone wolf, they need to balance these negative emotions with positive emotions.
So they need to, as people, we seek pleasure and avoid pain as a general rule. So these scammers who perform fraud in form of romance scams are feeding in the pleasure, even if it's not falling in love, but escaping our reality of discomfort. And we are living in a societal moment, pivotal moment in our era where there's a lot of things happening simultaneously.
So it is easier to escape the feelings of discomfort, right? To the feeling that's why we are on social media. That's why we project this, why we nab this, right? I mean, there are so many things. And fraud is playing an important part in this because they are very much trained to make money out of people's misery.
I'm not necessarily talking about fraud that happens within companies because apparently I read an article where in hospital a former age healthcare executive committed fraud by staging data breaches and then getting paid himself. Security companies and it was staging breaches.
Dino Mauro (38:39.33)
Yeah, exactly. That's very bold. Yeah, that really crossed the line. Hey, as we wrap up, and I'm so sorry, we're at the top of the hour, we will definitely have you on again. yeah. I wrote down my pick question just to what it is. Yeah, I think it'll be interesting to have you on with some of the international panel that we've had on, like, Carlo Brada
people that head up the think tank that we're part of. What's on your agenda next? When do you plan to roll this out? What's on the horizon for you? So it's already finished. So I'm actually now in the stage of, because I do mostly consulting, so now I'm looking to kind of bring it into market and also look for partnership on how to develop this further with organizations who have kind of the funding and the technology.
combine it because I I have the course also to give the foundation, also do customized design, but I think companies have the technology now you need to scale it. Exactly. there's and scale it, but also to work with companies who already have the technology or have the learning management assistance and then help them integrate. So the emotional firewalls is a toolkit.
So you can actually integrate it in your existing security awareness training as well. When you are doing a phishing simulation, for example, to really help people understand not only saying, make sure you think before you click, which is easy to say, but when you are having so much on your plate and you are getting a link, how many times do we click? And like I said, we don't even think about it. Or when you are at home and you are both parents are working.
and the kids are a teen, we all know how, my son is not a teenager yet, but he can be very persuasive. They are also at risk for data breaches, et cetera. So, I mean, the emotional should be integrated in how do we communicate security awareness and how do we make it fun as well to understand the other side of the dark side of emotional intelligence and how criminals and scammers are using it to empower people.
Dino Mauro (40:56.108)
and to redefine leadership to actually create a safe space so people feel empowered to be more assertive, to be more attentive, and to better understand their blind spots and what could make them a high vulnerability target.
Excellent, excellent. Well, thank you so much. Naja El -Farasi, we will have links to your LinkedIn for them to follow you and other information so that they can get in touch with you. And we thank you so much for your insight. Thanks for all that you've done. was really good. Here it's almost 10, it's like 10 a .m. in the evening and you see my face. I could still go on for hours. That's why I said we're going to have to have you back. Yes. Yeah, absolutely.
I'm excited about this subject, which sometimes surprises people, I love empowering people and talking about it as much as I can. So thank you for having me. Thank you so much. We look forward to speaking again. Thanks everybody.
Dino Mauro (41:59.118)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award -winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.