The advent of Social Networks has made both companies and public bodies tremendously exposed to the so-called Social Engineering 2.0, and thus prone to targeted cyber-attacks.Unfortunately, there is currently no solution available on the market that allows for the comprehensive assessment of Social Vulnerabilities or the management and reduction of the associated risk. DOGANA fills this gap by developing a framework that enables an advanced Social Engineering and vulnerability assessment. The underlying concept of DOGANA is that socially driven vulnerability assessments help deploy effective mitigation strategies and lead to reductions of the risk created by modern Social Engineering 2.0 attack techniques. Moreover, the outcomes of the project provide a solid basis for revising insurance models for cybercrime-related risks. DOGANA delivers a complete toolset to detect and prevent social-engineering cyber-attacks at 4 levels: technological, legal, and educational (developing new awareness training methodologies to improve the education of employees), and with regard to risk management. The project is implemented by a consortium of 18 partners, from 11 different countries, including end-user organizations, technology providers including three cyber-security market leaders as well as legal and psychological expertise. An extensive field trial plan enabled testing the DOGANA platform with six user organizations (4 partners and 2 supporting organizations) operating in the critical areas of energy, finance, transport, utilities, and public authorities. The Center for Technology Experience is responsible for the psychological foundations of new gamified awareness training methods, user interface designs, as well as for evaluating these methods within several smaller lab trials and a large field trial with end-users.
Key Words: Social Engineering 2.0, Social Vulnerability, Socially-driven Vulnerabilities Assessment (SDVA), Social Networks, Gamified Awareness Methods, Phishing Wars
Duration: 36 months
Customer / Funding Organisation: EC (Digital Security: Cybersecurity, Privacy and Trust; H2020 DS-06-2014)
AIT-Contact: Valentin Gattol, Markus Garschall