Abstract
In a quasi-experiment that used a tabletop serious gaming approach, 180 soldiers of the Swiss Armed Forces were confronted with a phishing attack that employed intricate social engineering methods. The study examined the extent to which they were prone to falling to such attacks, and it investigated how serious gaming could immunize them. The results suggest that participation in serious gaming reduces the probability to be victimized by social engineering attacks. However, overconfident and indifferent users are more likely to fall for such attacks, whereas a more pessimistic stance is negatively associated with failure.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
References
Aladawy, D., Beckers, K., & Pape, S. (2018). PERSUADED: Fighting social engineering attacks with a serious game. In S. Furnell, H. Mouratidis, & G. Pernul (Eds.), Trust, privacy and security in digital business (pp. 103–118). Cham: Springer.
Beckers, K., & Pape, S. (2016). A serious game for eliciting social engineering security requirements. In Proceedings of the 24th IEEE international requirements engineering conference (RE).
Bullée, J., Montoya, L., Pieters, W., Junger, M., & Hartel, P. (2017). On the anatomy of social engineering attacks - A literature-based dissection of successful attacks. Journal of Investigative Psychology and Offender Profiling, 15(1), 20–45.
Bullée, J., & Junger, M. (2020). Social engineering. In The Palgrave handbook of international cybercrime and cyberdeviance (pp. 849–875).
Cialdini, R. (2021). Influence, new and expanded: The psychology of persuasion. HarperCollins.
DoJ. (2020). Three individuals charged For alleged roles in Twitter hack. United States Department of Justice, July 31st, 2020, see https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack
Fischer, H., Boone, W., & Neumann, K. (2014). Quantitative research designs and approaches (1st. Ed.). Routledge.
Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., & Baker, T. (2018). Security threats to critical infrastructure: the human factor. The Journal of Supercomputing, 74, 4986–5002.
Green, B., Prince, D., Busby, J., & Hutchison, D. (2015). The impact of social engineering on industrial control system security. In Proceedings of the first ACM workshop on cyber-physical systems-security and/or privacy (pp. 23–29).
Maxfield, M., & Babbie, E. (2017). Research methods for criminal justice and criminology (8th Ed.). Wadsworth Publishing.
Mouton, F., Leenen, L., & Venter, H. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209.
Muhly, F., Leo, P., & Caneppele, S. (2022). A serious game for social engineering awareness creation. Journal of Cybersecurity Education, Research and Practice 1(4), article 5.
Muhly, F. (2023). Serious gaming as crime prevention? The effectiveness of a serious game and the role of personality traits in reducing the proneness towards social engineering fraud. Thèse de Doctorat, Université de Lausanne, Faculté de droit et des sciences criminelles. (UNIL/CHUV, ID Serval: serval: BIB A7ACAD9F0113)
Newbould, M., & Furnell, S. (2009). Playing safe: A prototype game for raising awareness of social engineering. In Proceedings of the 7th Australian information security management conference.
Olanrewaju, A. S., & Zakaria, N. (2015). Social engineering awareness game (SEAG): An empirical evaluation of using game towards improving information security awareness. In Proceedings of the 5th international conference on computing and informatics (ICOCI) Istanbul.
Popper, K. (1966). The open society and its enemies (5th ed.). Princeton NJ: Princeton University Press.
Robinson, J. (2008). Researchers dupe banks with heists without holdups (p. D5). Arizona Republic.
Rusch, J. (1999). The “social engineering” of internet fraud. In Proceedings of the 1999 internet society conference.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Muhly, F. (2023). Improving Human Responses to Cyberdefense by Serious Gaming. In: Keupp, M.M. (eds) Cyberdefense. International Series in Operations Research & Management Science, vol 342. Springer, Cham. https://doi.org/10.1007/978-3-031-30191-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-30191-9_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30190-2
Online ISBN: 978-3-031-30191-9
eBook Packages: Business and ManagementBusiness and Management (R0)