Won 3rd place of the German IT-Security Award

The Horst Görtz Foundation hosted on October, 16th 2016 for the 6th time the German IT-Security Price (Deutscher IT-Sicherheitspreis). A jury of acknowledged IT-security experts from industry and academia chose among 45 contenders the most market-relevant innovations for IT-security.

The jury rewarded our solution with the 3rd place.

Definition & Examples

What is Social Engineering?

Social Engineering is the intelligent exploitation of the natural human tendency to trust people with the intend to commit a cyber attack.

Examples

  • An attacker pretends to be a technician of your telco provider and requests the password for your router.
  • The victim gets manipulated to install malware on his/her system by an attacker who pretends to be an employee of an operating system vendor. The attacker asks the victim to install a system update which contains malware.

Social Engineering Training

Problems

Social Engineering is difficult to train, because it is
based on complex human behavioural patterns.

 

Trainings are often generic, boring,
and without (lasting) effect.

 

Penetration Tests can cause subsequent problems:

  • Frustation of employees
  • Violation of privacy laws and regulations
  • Only a snapshot

Our Solution

Why a Game?

Learning about Social Engineering while you are playing. You will be able to detect attacks and identify vulnerabilities.

  • Gameworld, nobody makes a mistake, just assumptions.
  • Creates curiosity, excitement and fun.
Unser Gamekit

38,4 %

of all companies suffer from Social Engineering attacks.

18,3 %

of all companies train their staff to resist Social Engineering attacks.

20,1 %

of all attacks hit staff that is not trained to resist Social Engineering attacks.

Source: Corporate Trust – Business Risk & Crisis Management, “Studie: Industriespionage 2014 – Cybergeddon der Deutschen Wirtschaft durch NSA & Co.?”


86 % of all IT-Security Attacks contain a Social Engineering element.

85 % of all CISOs are not satisfied with their Security Awareness Program.

99 % of all Social Engineering Attackers are satisfied with their Chances for Success.

Source: These numbers are based on our experiences and assessments.

Overview

Our Serious Game Hatch

500

Satisfied Players

10

Publications

5

Scenarios

3

Languages

Research

Our solutions are based on our research results. We analyze, evaluate and publish our foundational research and develop services and products based on these results.
For this purpose, we collaborate with leading universities and research institutes in Germany and worldwide e.g. UK and China.

Evaluation of the Serious Game Hatch

We have evaluated our game scientifically. The study was conducted with full-time employees with an academic degree of various companies and students. Overall 250 players participated in our study.

The significant majority of all players have stated that they increased their knowledge about social engineering, have elicited new threats and even that they could apply the gained knowledge in their daily work.

Entertaining Cybersecurity Awareness

Interactive Social Engineering Trainings

Serious Game

PROTECT

online

  • Training of Defences against Social Engineering
  • Adaptation to your IT-Security Policy (optional)
  • Success Measurement & Poster Campaign (optional)
  • Minimum Participants: 10 Employees
  • Minimum Duration: 3 Month
Contact Us

Interactive Training

SecTrain

remote

  • Interactive role plays test your ability to defend against these attacks
  • Adaptation to your divisions e.g. HR and relevant attacks for this division
  • Corona-specific Attacks inklusive
  • Minimum Participants: 10 Employees
  • Duration: 1 Day
Contact Us

Serious Game

HATCH

on-site

  • Scenario-based identification of relevant Social Engineering Attacks for your business
  • Walkthrough of attacks with the employees of your company
  • Discussion of the results and your defences
  • Minimum Participants: 10 Employees
  • Duration: 1 Day
Contact Us

Further information material

 
 
We offer interactive Cyersecurity & Data Privacy Awareness Trainings with the focus on Social Engineering (Human Factor): 
 
* Scenario-based Remote & On-Site Trainings   
* Trainings with Serious Games & Role Plays
* Success Measurements & Threat Analysis
 
All our offerings can be flexible adapated to your needs e.g. adapted to your IT Security Policies or Data Privacy Guidelines.
 
You can find our complete offerings here
 
All prices are excluding taxes.
Hatch me, if you can!

Core part of our training is the card game HATCH (Hack and Trick Capricious Humans) which teaches everyone to identify and prevent Social Engineering attacks (which attack for example as telco service staff and motivate the installation of malware).

  • We aim for simple and effective solutions.
  • We are passionate for our Ideas.
  • We work with integrity, confidentiality and respect.
  • We can help you to protect your company against social engineering.

Our simple rules and content allow players to understand the foundation of social engineering during training. We have invented HATCH based on our common research interest and continue to evolve our solution with the help of collaborations with leading academic institutions.

What we offer

Training and Consulting

Interactive Security Training & Coaching

We offer trainings concerning all topics focusing on the human factor in cyber security. Our trainings motivate to participate and are designed for non-security experts.

Furthermore, we offer coaching for CISOs and IT-security experts with the focus on raising interest in security topics of all employees.

Threat Analysis & Threat Intelligence

We support you in analyzing the data collected while playing our serious game. The data allows us to identify precise threats regarding social engineering for your company.

We consult you with freely available information regarding threats for your company that are relevant and how these should be prioritized based on the results of the card game.

Longterm Strategy & Standard Compliance

After a number of trainings and analysis have been conducted and results exist, we offer advice on your longterm training strategy for your company including the identification of security metrics and success measurements for your training.

We support integrating the trainings in your security management approach including support for documentation and quality control.

Holistic Security Awareness

Portfolio

Holistic Social Engineering Defence
  • We offer a constructive program of measures, which starts with Awareness Training with our Serious Game Hatch
  • a further analysis of the collected data during playing our serious game HATCH allows a threat analysis. 
  • The analysis allows a permanent improvement of the training to suit your company best.
  • The threat analysis is basis for improving the defense against Social Engineering via precise and targeted countermeasures. These protect your companies fortune and data. 
  • Finally, the documentation of the steps above can be included in security certification efforts, e.g. a realization of the ISO 27001 Control A.7.2.2 - Information security awareness, education and training.

The Social Engineering Academy (SEA) GmbH is a Partner in the

EU-Project Threat Arrest

THREAT-ARREST (Cyber Security Threats and Threat Actors Training – Assurance Driven Multi-Layer, end-to-end Simulation and Training) is a three-year research and innovation project receiving funding from the EU Commission (4,988,837.50€). It aims to address the ever-expanding landscape of advanced cyber attacks and to mitigate these attacks through advanced security training. THREAT-ARREST will develop a training platform to adequately prepare stakeholders with different types of responsibilities and levels of expertise in defending high-risk cyber systems and organisations to counter advanced, known and new cyber attacks. The effectiveness of the platform will be validated from technical, legal and business perspectives through real cyber systems pilots in the areas of smart energy, healthcare, and shipping. The SEA GmbH is contributing Serious Games for social engineering defence for the integrated Threat Arrest platform.

The project, which started on 1 September, is being carried out by a Consortium of 15 partners, including the Foundation for Research and Technology - Hellas, Simplan, Sphynx Technology Solutions, the University of Milano, Atos, IBM Israel Science and Technology, Social Engineering Academy, Information Technology for Market Leadership, Technical University Braunschweig, CZ.NIC Association, Danaos Shipping Co, TÜV Hellas (TÜV Nord), Agenzia Regionale Sanitaria della Puglia, and Bird & Bird.

The THREAT-ARREST project is financed by the Horizon 2020 Framework Programme of the European Union under Grant Agreement number: 786890.

 

All

Locations

Visit us

Our Main Office

Social Engineering Academy (SEA) GmbH
Amselweg 2
82140 Olching
Germany

 

Here we train

Our Training Facilities

  • Hamburg
  • Frankfurt a.M.
  • Munich

We are a young and dynamic company and located already in three metropolitan areas of Germany. We are planing to open further subsidiaries soon.

Please contact us regarding training outside our areas.

Write us

Contact Formular

We are happy to consult regarding your problems with Social Engineering Defence. Please leave us a message.