for a structured defence against Social Engineering
You have to organise a company event or a day for IT security in your company and you want that the threat of Social Engineering gains awareness. We support you with keynote speeches, war stories, game sessions with our serious game HATCH and further actions on request.
You want to raise the awareness for social engineering with presents, posters and performances of awareness trainers as part of a campaign for Social Engineering awareness. We support you in the creation of posters, game cards, pens and further gadgets that inform about Social Engineering. Furthermore, we provide trainers that discuss possible Social Engineering attacks with your employees.
VIP Awareness Training
We offer dedicated Awareness Trainings for decision makers e.g. CEO and CFO with a focused training with our Serious Game HATCH. The training informs about instances of particular Social Engineering attacks on these stakeholders e.g. CEO fraud and how instances of these attacks might look like in your company. We use our proven serious game HATCH to educate about these attacks.
Role-specific Awareness Training
We offer various additions for our serious game HATCH, in order to customise the training for colleagues working in e.g. financing, sales or purchasing divisions. In these trainings concrete assets of each department are defined and besides attacks on them, their protection value is discussed.
Scenario-specific Awareness Training
We offer trainings for companies operating in specific domains e.g. energy, water or consultancy. In these scenarios the players attack fictitious personas working in these domains. Each person has specific character traits which a Social Engineer could exploit.
We provide an individual threat assessment with our Serious Game HATCH. A well-selected sample of all important roles in your company shall participate in playing the serious game HATCH and elicit Social Engineering attacks. We support in selecting important staff, documenting the results and conducting the game rounds.
We offer a deep analysis if the elicited attacks via the threat assessment. We also support the prioritisation of attacks based on your criteria. The prioritisation shall be based on assets and on incidents in recent history in your domain.
Policy Consistency Check
We offer a consistency check between your IT-security policy and the elicited Social Engineering threats. The possible conflicts will be discovered and resolved, missing measures will be added to your IT-security policy.
We prepare your employees for Social Engineering attacks including using the correct defence based on your IT-security policy with our serious game PROTECT. The game PROTECT is an online-based card game which contains Social Engineering attacks and defences. These are customised for each customer. The offer contains also a feature that prints certificates for successful participants and a high score for healthy competition. PROTECT is implemented as an Amazon AWS application and therefore scales to all possible demands.
Process for Incident Detection and Handling
Often Social Engineering attacks remain unnoticed by the security department because companies do not have a process of reporting and analysing these incidents. These circumstances make it easy for Social Engineering attackers to try their attacks multiple times. Remember: only one attempt needs to be successful for a successful attack. We consult you in creating a process for Incident Detection and Handling for Social Engineering.
Social Engineering InDepth
In this training the participants gain a detailed view into the approaches of social engineering attackers on the basis of current scientific literature and industry best practices. Furthermore, the techniques are taught in interactive role plays and refined by the participants for scenarios relevant to their domains. Therefore, providing the participants with the notion of where to focus their attention on defending against the Social Engineering threat.
Social Engineering Threat Intelligence
The topic reconnaissance is crucial for the preparation of a social engineering attack. In this training the participants learn which tools social engineering attackers have at their disposal and how Social Engineering attackers use them to prepare their attacks. We provide best practices of how to impede Social Engineering attackers in their reconnaissance efforts against your company.
We developed various serious games for Social Engineering and provide in this training an interaktive overview of all of these games. Furthermore, we show various games regarding IT-security from other vendors. After the participants played these games, we discuss with them how to use these serious games purposeful in their companies.
Please contact us for an individual offer.