Cyberattacks increasingly exploit human psychology, posing a significant risk for enterprises, according to Sarah Gosler, managing director of cyber resiliency and human defense at a prominent financial services firm. Speaking at the RSAC Conference 2026, Gosler highlighted how threat actors are blending cyber tactics with psychological manipulation to exploit emotion, trust, and urgency.
Gosler emphasized that the integration of artificial intelligence (AI) in cybercrime has lowered barriers to entry and accelerated social engineering campaigns. “We can have the best technical defenses in the world, but if you have a human being opening the door, an attacker is going to walk right through it,” she stated. This shift in tactics means that attackers now prioritize visibility and believability over persistence to influence decision-making processes within organizations.
In her interview with Information Security Media Group, Gosler argued that organizations need to reframe their approach to cybersecurity. Rather than viewing employees as weak links in the security chain, she urged companies to empower them as active defenders. This perspective aims to cultivate a security culture that integrates human behavior into broader security strategies.
Gosler also discussed how AI has democratized cybercrime, enabling larger-scale social engineering attacks that are more difficult to anticipate and counter. As cyber threats evolve, she posited that organizations must build “human sensor networks” to enhance their ability to detect subtle threats. Such networks would rely on employees being trained to identify and respond to potential indicators of attack.
Moreover, she addressed the critical role of Chief Information Security Officers (CISOs) in aligning budget allocations with human-centric risk and resilience strategies. In an era where technical defenses alone are insufficient, integrating human elements into cybersecurity frameworks has become paramount. This means fostering an environment where employees are not just passive recipients of training but active participants in maintaining the organization’s security posture.
As organizations continue to grapple with the complexities of cyber threats, the importance of addressing the human aspect in cybersecurity cannot be overstated. The evolution of cybercrime tactics necessitates a holistic approach, where human behavior and technological defenses work in tandem to mitigate risks. By fostering a culture of vigilance and empowerment, enterprises can better navigate the challenges posed by increasingly sophisticated cyber adversaries.
Gosler’s insights underline the broader implications of this shift in cybersecurity strategy. As the landscape of cyber threats continues to evolve, organizations must adapt their defenses to incorporate both technical and human elements effectively. The future of cybersecurity will likely depend on how well enterprises can integrate these components to create a resilient and agile defense system.
See also
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
AI Poisoning Attacks Surge 40%: Businesses Face Growing Cybersecurity Risks
