Raising Social Engineering Awareness Through Gameplay
Ian Loyiso Ngqoyiyan, JT Janse van Rensbur, Jacob Jacobus Greef, North-West University, South Africa
World Conference on Mobile and Contextual Learning,
The human factor is an oversight that is often neglected by management in organisations, which consequently contributes to significant security breaches. Within cyber security, social engineering is a concept that deals with cyber-attacks on people. Administrative staff are end-users who often have access to sensitive internal business information and processes. The combination of being an end-user neglected by the information security function, and having access to sensitive information makes administrative staff prime targets for cyber criminals, and social engineering attacks in particular. The goal of this paper is to present a game-based artefact that can be used to raise social engineering awareness among administrative target users. A case study is presented, via a design science research model, which includes discussion on the processes followed for creating a conceptual design, a prototype, and evaluating the artefact. In total, 27 participants contribute to the design of the artefact in a participatory design strategy. Pre-and post-testing indicates that 60% of participants experience increased learning, indicating that awareness around social engineering was raised.
Ngqoyiyan, I.L., van Rensbur, J.J. & Greef, J.J. (2020). Raising Social Engineering Awareness Through Gameplay.