Won 3rd Place in the German IT-Security Prize

Deutscher IT-Sicherheitspreis

On 16 October 2016, the Horst Görtz Foundation hosted the German IT-Security Prize (Deutscher IT-Sicherheitspreis) for the 6th time. A jury of acknowledged IT-security experts from industry and academia chose the most market-relevant IT-security innovations from among 45 contenders.

The jury awarded our solution 3rd place.

Definition & Examples

What is Social Engineering?

Social Engineering is the intelligent exploitation of the natural human tendency to trust people, with the intent to commit a cyber-attack.

Examples

  • An attacker pretends to be a technician of your telco provider and requests the password for your router.
  • The victim is manipulated into installing malware on his/her system by an attacker who pretends to be an employee of an operating system vendor. The attacker asks the victim to install a system update, which contains the malware.

Social Engineering Training

Problems

Social Engineering is difficult to train, because it is based on complex human behavioural patterns.

Trainings are often generic, boring, and without (lasting) effect.

Penetration Tests can cause subsequent problems:

  • Frustration of employees
  • Violation of privacy laws and regulations
  • Only a snapshot

Our Solution

Why a Game?

Learning about Social Engineering while you are playing. You will be able to detect attacks and identify vulnerabilities.

  • In the gameworld, nobody makes a mistake, just assumptions.
  • Creates curiosity, excitement and fun.
Our Gamekit

38,4 %

Companies that suffered Social Engineering Attacks

18,3 %

train their staff to resist Social Engineering attacks.

20,1 %

Attacks on staff that is not trained to resist social engineering attacks. 

Source: Corporate Trust – Business Risk & Crisis Management, “Studie: Industriespionage 2014 – Cybergeddon der deutschen Wirtschaft durch NSA & Co.?”


86 % of all IT-Security Attacks contain a Social Engineering element.

85 % of all CISOs are not satisfied with their Security Awareness Program.

99 % of all Social Engineering Attackers are satisfied with their Chances for Success.

Source: These numbers are based on our experience and estimates.

Overview

Our Serious Game Hatch

250

Satisfied Players

8

Publications

5

Scenarios

3

Languages

Research

Our solutions are based on our research results. We analyze, evaluate and publish our foundational research and develop services and products based on these results.
For this purpose, we collaborate with leading universities and research institutes in Germany and internationally, e.g. in the UK and China.

Evaluation of the Serious Game Hatch

We have evaluated our game scientifically. The study was conducted with full-time employees with an academic degree from various companies, and with students. Overall, 250 players participated in our study.

A significant majority of all players stated that they increased their knowledge about social engineering, elicited new threats, and could even apply the gained knowledge in their daily work.

Interactive Security Awareness Training Offers

with our Serious Game 'Hatch'

Realistic Scenario

Duration 2 h

  • Players attack their co-workers in the gameworld
  • Realistic attacks are identified
  • Discussions and ratings of attacks

Domain-specific Scenario

Duration 2 h

  • Players attack fictitious personas
  • Multiple domain-specific scenarios
  • Creation of further scenarios possible

Online Game

Duration 20 m

new

  • Customized online game
  • Train your security policies
  • Immediate feedback of reactions
Hatch me, if you can!

The core part of our training is the card game HATCH (Hack and Trick Capricious Humans), which teaches everyone to identify and prevent Social Engineering attacks (for example, attackers who pose as telco service staff and persuade the victim to install malware).

  • We aim for simple and effective solutions.
  • We are passionate about our ideas.
  • We work with Integrity, Confidentiality and Respect.
  • We can help you to protect your company against social engineering.

Our simple rules and content allow players to understand the foundation of social engineering during training. We have invented HATCH based on our common research interest and continue to evolve our solution with the help of collaborations with leading academic institutions.

What we offer

Training and Consulting

Interactive Security Training & Coaching

We offer trainings on all topics focusing on the human factor in Cyber-Security. Our trainings motivate participation and are designed for non-security experts.

Furthermore, we offer coaching for CISOs and IT-Security experts, with a focus on raising all employees' interest in security topics.

Threat Analysis & Threat Intelligence

We support you in analyzing the data collected while playing our serious game. The data allows us to identify precise threats regarding social engineering for your company.

We advise you on which freely available threat information is relevant to your company and how it should be prioritized based on the results of the card game.

Long-term Strategy & Standard Compliance

After a number of trainings and analyses have been conducted and results exist, we offer advice on a long-term training strategy for your company, including the identification of security metrics and success measurements for your training.

We support integrating the trainings into your Security Management approach, including support for documentation and quality control.

Holistic Security Awareness

Portfolio

Holistic Social Engineering Defence
  • We offer a constructive program of countermeasures, which starts with Awareness Training using our Serious Game HATCH.
  • Further analysis of the data collected while playing our serious game HATCH provides a threat analysis.
  • The analysis allows continuous improvement of the training to suit your company best.
  • The threat analysis is the basis for improving the defense against Social Engineering via precise and targeted countermeasures. These protect your company's fortune and data.
  • Finally, the documentation of the steps above can be included in security certification efforts, e.g. an implementation of ISO 27001 Control A.7.2.2 - Information security awareness, education and training.


Locations

Visit us

Our Main Office

Social Engineering Academy (SEA) GmbH
Eschersheimer Landstraße 42
60322 Frankfurt am Main
Germany

Phone: +49 (0) 69 9451952 40
Fax: +49 (0) 69 9451952 41
E-Mail:

Here we train

Our Training Facilities

  • Hamburg
  • Frankfurt a.M.
  • München

We are a young and dynamic company, already located in three metropolitan areas of Germany. We are planning to open further subsidiaries soon.

Please contact us regarding training outside our areas.

Write to us

Contact Form

We are happy to consult regarding your problems with Social Engineering Defence. Please leave a message.