Improving Human Responses to Cyberdefense by Serious Gaming

Muhly, Fabian

doi:10.1007/978-3-031-30191-9_12

Fabian Muhly¹⁰

Part of the book series: International Series in Operations Research & Management Science ((ISOR,volume 342))

164 Accesses

Abstract

In a quasi-experiment that used a tabletop serious gaming approach, 180 soldiers of the Swiss Armed Forces were confronted with a phishing attack that employed intricate social engineering methods. The study examined the extent to which they were prone to falling to such attacks, and it investigated how serious gaming could immunize them. The results suggest that participation in serious gaming reduces the probability to be victimized by social engineering attacks. However, overconfident and indifferent users are more likely to fall for such attacks, whereas a more pessimistic stance is negatively associated with failure.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 129.00; Price excludes VAT (USA)

Hardcover Book: USD 169.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
See https://www.limesurvey.org/.

References

Aladawy, D., Beckers, K., & Pape, S. (2018). PERSUADED: Fighting social engineering attacks with a serious game. In S. Furnell, H. Mouratidis, & G. Pernul (Eds.), Trust, privacy and security in digital business (pp. 103–118). Cham: Springer.
Chapter Google Scholar
Beckers, K., & Pape, S. (2016). A serious game for eliciting social engineering security requirements. In Proceedings of the 24th IEEE international requirements engineering conference (RE).
Google Scholar
Bullée, J., Montoya, L., Pieters, W., Junger, M., & Hartel, P. (2017). On the anatomy of social engineering attacks - A literature-based dissection of successful attacks. Journal of Investigative Psychology and Offender Profiling, 15(1), 20–45.
Article Google Scholar
Bullée, J., & Junger, M. (2020). Social engineering. In The Palgrave handbook of international cybercrime and cyberdeviance (pp. 849–875).
Google Scholar
Cialdini, R. (2021). Influence, new and expanded: The psychology of persuasion. HarperCollins.
Google Scholar
DoJ. (2020). Three individuals charged For alleged roles in Twitter hack. United States Department of Justice, July 31st, 2020, see https://www.justice.gov/usao-ndca/pr/three-individuals-charged-alleged-roles-twitter-hack
Fischer, H., Boone, W., & Neumann, K. (2014). Quantitative research designs and approaches (1st. Ed.). Routledge.
Google Scholar
Ghafir, I., Saleem, J., Hammoudeh, M., Faour, H., Prenosil, V., Jaf, S., Jabbar, S., & Baker, T. (2018). Security threats to critical infrastructure: the human factor. The Journal of Supercomputing, 74, 4986–5002.
Article Google Scholar
Green, B., Prince, D., Busby, J., & Hutchison, D. (2015). The impact of social engineering on industrial control system security. In Proceedings of the first ACM workshop on cyber-physical systems-security and/or privacy (pp. 23–29).
Google Scholar
Maxfield, M., & Babbie, E. (2017). Research methods for criminal justice and criminology (8th Ed.). Wadsworth Publishing.
Google Scholar
Mouton, F., Leenen, L., & Venter, H. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209.
Article Google Scholar
Muhly, F., Leo, P., & Caneppele, S. (2022). A serious game for social engineering awareness creation. Journal of Cybersecurity Education, Research and Practice 1(4), article 5.
Google Scholar
Muhly, F. (2023). Serious gaming as crime prevention? The effectiveness of a serious game and the role of personality traits in reducing the proneness towards social engineering fraud. Thèse de Doctorat, Université de Lausanne, Faculté de droit et des sciences criminelles. (UNIL/CHUV, ID Serval: serval: BIB A7ACAD9F0113)
Google Scholar
Newbould, M., & Furnell, S. (2009). Playing safe: A prototype game for raising awareness of social engineering. In Proceedings of the 7th Australian information security management conference.
Google Scholar
Olanrewaju, A. S., & Zakaria, N. (2015). Social engineering awareness game (SEAG): An empirical evaluation of using game towards improving information security awareness. In Proceedings of the 5th international conference on computing and informatics (ICOCI) Istanbul.
Google Scholar
Popper, K. (1966). The open society and its enemies (5th ed.). Princeton NJ: Princeton University Press.
Google Scholar
Robinson, J. (2008). Researchers dupe banks with heists without holdups (p. D5). Arizona Republic.
Google Scholar
Rusch, J. (1999). The “social engineering” of internet fraud. In Proceedings of the 1999 internet society conference.
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Defense Economics, Military Academy at the Swiss Federal Institute of Technology Zurich, Birmensdorf, Switzerland
Fabian Muhly

Authors

Fabian Muhly
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fabian Muhly .

Editor information

Editors and Affiliations

Department Head, Department of Defense Economics, Military Academy at the Swiss Federal Institute of Technology, Zurich, Switzerland
Marcus Matthias Keupp

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Muhly, F. (2023). Improving Human Responses to Cyberdefense by Serious Gaming. In: Keupp, M.M. (eds) Cyberdefense. International Series in Operations Research & Management Science, vol 342. Springer, Cham. https://doi.org/10.1007/978-3-031-30191-9_12

Download citation

DOI: https://doi.org/10.1007/978-3-031-30191-9_12
Published: 20 September 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30190-2
Online ISBN: 978-3-031-30191-9
eBook Packages: Business and ManagementBusiness and Management (R0)

Publish with us

Policies and ethics