On October 16th, 2016, the Horst Görtz Foundation hosted the German IT-Security Prize (Deutscher IT-Sicherheitspreis) for the 6th time. A jury of acknowledged IT-security experts from industry and academia chose the most market-relevant innovations for IT security from among 45 contenders.
The jury awarded our solution 3rd place.
Definition & Examples
What is Social Engineering?
Social Engineering is the intelligent exploitation of the natural human tendency to trust people, with the intent to commit a cyber attack.
An attacker pretends to be a technician of your telco provider and requests the password for your router.
The victim gets manipulated to install malware on his/her system by an attacker who pretends to be an employee of an operating system vendor. The attacker asks the victim to install a system update which contains malware.
Social Engineering Training
Social Engineering is difficult to train, because it is based on complex human behavioural patterns.
Trainings are often generic, boring, and without (lasting) effect.
Penetration Tests can cause subsequent problems:
Frustration of employees
Violation of privacy laws and regulations
Only a snapshot
Why a Game?
Learning about Social Engineering while you are playing. You will be able to detect attacks and identify vulnerabilities.
In the game world, nobody makes mistakes, just assumptions.
Creates curiosity, excitement and fun.
of all companies suffer from Social Engineering attacks.
of all companies train their staff to resist Social Engineering attacks.
of all attacks hit staff that is not trained to resist Social Engineering attacks.
Source: Corporate Trust – Business Risk & Crisis Management, “Studie: Industriespionage 2014 – Cybergeddon der Deutschen Wirtschaft durch NSA & Co.?”
86 % of all IT-Security Attacks contain a Social Engineering element.
85 % of all CISOs are not satisfied with their Security Awareness Program.
99 % of all Social Engineering Attackers are satisfied with their Chances for Success.
Source: These numbers are based on our experiences and assessments.
Our Serious Game Hatch
Our solutions are based on our research results. We analyze, evaluate and publish our foundational research and develop services and products based on these results. For this purpose, we collaborate with leading universities and research institutes in Germany and worldwide, e.g. in the UK and China.
Evaluation of the Serious Game Hatch
We have evaluated our game scientifically. The study was conducted with full-time employees with an academic degree from various companies, and with students. Overall, 250 players participated in our study.
A significant majority of all players stated that they increased their knowledge about social engineering, elicited new threats, and could even apply the gained knowledge in their daily work.
Interactive Security Awareness Training Offers
with our Serious Games HATCH and PROTECT
Game with Realistic Scenario
Players attack a simulation of their company
Realistic attacks are identified
Discussions and ratings of attacks
Game with domain-specific Scenario
Players attack fictitious personas
Multiple domain-specific scenarios
Creation of further scenarios possible
Players defend against attacks
Attacks based on experience
Immediate feedback on reactions
The core part of our training is the card game HATCH (Hack and Trick Capricious Humans), which teaches everyone to identify and prevent Social Engineering attacks (for example, attackers who pose as telco service staff and persuade the victim to install malware).
for simple and effective solutions.
passionate for our Ideas.
with integrity, confidentiality and respect.
help you to protect your company against social engineering.
Our simple rules and content allow players to understand the foundation of social engineering during training. We have invented HATCH based on our common research interest and continue to evolve our solution with the help of collaborations with leading academic institutions.
What we offer
Training and Consulting
Interactive Security Training & Coaching
We offer trainings on all topics that focus on the human factor in cyber security. Our trainings motivate participation and are designed for non-security experts.
Furthermore, we offer coaching for CISOs and IT-security experts with a focus on raising all employees' interest in security topics.
Threat Analysis & Threat Intelligence
We support you in analyzing the data collected while playing our serious game. The data allows us to identify precise threats regarding social engineering for your company.
Using freely available information, we advise you on which threats are relevant to your company and how they should be prioritized based on the results of the card game.
Long-term Strategy & Standard Compliance
After a number of trainings and analyses have been conducted and results exist, we offer advice on the long-term training strategy for your company, including the identification of security metrics and success measurements for your training.
We support integrating the trainings into your security management approach, including support for documentation and quality control.
Holistic Security Awareness
We offer a constructive program of measures, which starts with Awareness Training with our Serious Game HATCH.
A further analysis of the data collected while playing our serious game HATCH allows a threat analysis.
The analysis allows a permanent improvement of the training to suit your company best.
The threat analysis is the basis for improving the defense against Social Engineering via precise and targeted countermeasures. These protect your company's assets and data.
Finally, the documentation of the steps above can be included in security certification efforts, e.g. a realization of the ISO 27001 Control A.7.2.2 - Information security awareness, education and training.
The Social Engineering Academy (SEA) GmbH is a Partner in the
EU-Project Threat Arrest
THREAT-ARREST (Cyber Security Threats and Threat Actors Training – Assurance Driven Multi-Layer, end-to-end Simulation and Training) is a three-year research and innovation project receiving funding from the EU Commission (4,988,837.50€). It aims to address the ever-expanding landscape of advanced cyber attacks and to mitigate these attacks through advanced security training. THREAT-ARREST will develop a training platform to adequately prepare stakeholders with different types of responsibilities and levels of expertise in defending high-risk cyber systems and organisations to counter advanced, known and new cyber attacks. The effectiveness of the platform will be validated from technical, legal and business perspectives through real cyber systems pilots in the areas of smart energy, healthcare, and shipping. The SEA GmbH is contributing Serious Games for social engineering defence for the integrated Threat Arrest platform.
The project, which started on 1 September, is being carried out by a Consortium of 15 partners, including the Foundation for Research and Technology - Hellas, Simplan, Sphynx Technology Solutions, the University of Milano, Atos, IBM Israel Science and Technology, Social Engineering Academy, Information Technology for Market Leadership, Technical University Braunschweig, CZ.NIC Association, Danaos Shipping Co, TÜV Hellas (TÜV Nord), Agenzia Regionale Sanitaria della Puglia, and Bird & Bird.
The THREAT-ARREST project is financed by the Horizon 2020 Framework Programme of the European Union under Grant Agreement number: 786890.
Our Main Office
Social Engineering Academy (SEA) GmbH Eschersheimer Landstraße 42 60322 Frankfurt am Main Germany