As information security systems become increasingly sophisticated and reliable, humans are rapidly becoming the weakest link in the security pipeline. Technological countermeasures can only be deployed if the humans depending upon them are aware of how to use them, and hackers are beginning to take advantage of the knowledge gap that exists in this area. The recent DNC hackings during the 2016 US presidential election are evidence of this, as staff were tricked into sharing passwords which granted access to confidential information by fake Google security emails. Vulnerabilities such as these are due in part to insufficient and tiresome training when it comes to information security. A potential solution is the introduction of more engaging training methods, which teach information security in an active and entertaining way. To this end, we introduce the game What.Hack to teach information security and defense methods for social engineering threats.
Unfortunately, ACM prohibits us from displaying non-influential references for this paper.
To see the full reference list, please visit http://dl.acm.org/citation.cfm?id=3048412.