Won 3rd place of the German IT-Security Award

The Horst Görtz Foundation hosted on October, 16th 2016 for the 6th time the German IT-Security Price (Deutscher IT-Sicherheitspreis). A jury of acknowledged IT-security experts from industry and academia chose among 45 contenders the most market-relevant innovations for IT-security.

The jury rewarded our solution with the 3rd place.

Definition & Examples

What is Social Engineering?

Social Engineering is the intelligent exploitation of the natural human tendency to trust people with the intend to commit a cyber attack.

Examples

  • An attacker pretends to be a technician of your telco provider and requests the password for your router.
  • The victim gets manipulated to install malware on his/her system by an attacker who pretends to be an employee of an operating system vendor. The attacker asks the victim to install a system update which contains malware.

Social Engineering Training

Problems

Social Engineering is difficult to train, because it is
based on complex human behavioural patterns.

 

Trainings are often generic, boring,
and without (lasting) effect.

 

Penetration Tests can cause subsequent problems:

  • Frustation of employees
  • Violation of privacy laws and regulations
  • Only a snapshot

Our Solution

Why a Game?

Learning about Social Engineering while you are playing. You will be able to detect attacks and identify vulnerabilities.

  • Gameworld, nobody makes a mistake, just assumptions.
  • Creates curiosity, excitement and fun.
Unser Gamekit

38,4 %

of all companies suffer from Social Engineering attacks.

18,3 %

of all companies train their staff to resist Social Engineering attacks.

20,1 %

of all attacks hit staff that is not trained to resist Social Engineering attacks.

Source: Corporate Trust – Business Risk & Crisis Management, “Studie: Industriespionage 2014 – Cybergeddon der Deutschen Wirtschaft durch NSA & Co.?”


86 % of all IT-Security Attacks contain a Social Engineering element.

85 % of all CISOs are not satisfied with their Security Awareness Program.

99 % of all Social Engineering Attackers are satisfied with their Chances for Success.

Source: These numbers are based on our experiences and assessments.

Overview

Our Serious Game Hatch

500

Satisfied Players

10

Publications

5

Scenarios

3

Languages

Research

Our solutions are based on our research results. We analyze, evaluate and publish our foundational research and develop services and products based on these results.
For this purpose, we collaborate with leading universities and research institutes in Germany and worldwide e.g. UK and China.

Evaluation of the Serious Game Hatch

We have evaluated our game scientifically. The study was conducted with full-time employees with an academic degree of various companies and students. Overall 250 players participated in our study.

The significant majority of all players have stated that they increased their knowledge about social engineering, have elicited new threats and even that they could apply the gained knowledge in their daily work.

Interactive Security Awareness Training Offers

with our Serious Games HATCH and PROTECT

Game with Realistic Scenario

HATCH Inhouse Training

  • Players attack a simulation of their company
  • Realisitc attacks are identified
  • Discussions and ratings of attacks

Game with domain-specific Scenario

HATCH Inhouse Training

  • Players attack fictitious personas
  • Multiple domain-specific scenarios
  • Creation of further scenarios possible

Online Game

PROTECT Remote Training

  • Players defend against attacks
  • Attacks based on experience
  • Immediate feedback on reactions
Hatch me, if you can!

Core part of our training is the card game HATCH (Hack and Trick Capricious Humans) which teaches everyone to identify and prevent Social Engineering attacks (which attack for example as telco service staff and motivate the installation of malware).

  • We aim for simple and effective solutions.
  • We are passionate for our Ideas.
  • We work with integrity, confidentiality and respect.
  • We can help you to protect your company against social engineering.

Our simple rules and content allow players to understand the foundation of social engineering during training. We have invented HATCH based on our common research interest and continue to evolve our solution with the help of collaborations with leading academic institutions.

What we offer

Training and Consulting

Interactive Security Training & Coaching

We offer trainings concerning all topics focusing on the human factor in cyber security. Our trainings motivate to participate and are designed for non-security experts.

Furthermore, we offer coaching for CISOs and IT-security experts with the focus on raising interest in security topics of all employees.

Threat Analysis & Threat Intelligence

We support you in analyzing the data collected while playing our serious game. The data allows us to identify precise threats regarding social engineering for your company.

We consult you with freely available information regarding threats for your company that are relevant and how these should be prioritized based on the results of the card game.

Longterm Strategy & Standard Compliance

After a number of trainings and analysis have been conducted and results exist, we offer advice on your longterm training strategy for your company including the identification of security metrics and success measurements for your training.

We support integrating the trainings in your security management approach including support for documentation and quality control.

Holistic Security Awareness

Portfolio

Holistic Social Engineering Defence
  • We offer a constructive program of measures, which starts with Awareness Training with our Serious Game Hatch
  • a further analysis of the collected data during playing our serious game HATCH allows a threat analysis. 
  • The analysis allows a permanent improvement of the training to suit your company best.
  • The threat analysis is basis for improving the defense against Social Engineering via precise and targeted countermeasures. These protect your companies fortune and data. 
  • Finally, the documentation of the steps above can be included in security certification efforts, e.g. a realization of the ISO 27001 Control A.7.2.2 - Information security awareness, education and training.

All

Locations

Visit us

Our Main Office

Social Engineering Academy (SEA) GmbH
Eschersheimer Landstraße 42
60322 Frankfurt am Main
Germany

Phone: +49 (0) 69 9451952 40
Fax: +49 (0) 69 9451952 41
E-Mail:

Here we train

Our Training Facilities

  • Hamburg
  • Frankfurt a.M.
  • Munich

We are a young and dynamic company and located already in three metropolitan areas of Germany. We are planing to open further subsidiaries soon.

Please contact us regarding training outside our areas.

Write us

Contact Formular

We are happy to consult regarding your problems with Social Engineering Defence. Please leave us a message.