Abstract
Social Engineering attacks have been a rising issue in recent years, affecting a multitude of industries. One industry that has been of great interest to hackers is the Healthcare industry due to the high value of patient information. Social Engineering attacks are mainly common because of the ease of execution and the high probability of victimization. A popular way of combatting Social Engineering attacks is by increasing the user’s ability to detect indicators of attack, which requires a level of cybersecurity education. While the number of cybersecurity training programs is increasing, Social Engineering attacks are still very successful. Therefore, education programs need to be improved to effectively increase the ability of users to notice indicators of attack. This research aimed to answer the question - what teaching method results in the greatest learning gains for understanding Social Engineering concepts? This was done by investigating text-based, gamification, and adversarial thinking teaching methods. These three teaching methods were used to deliver lessons on an online platform to a sample of Purdue students. After conducting analysis, both text-based and adversarial thinking showed significant improvement in the understanding of Social Engineering concepts within the student sample. After conducting a follow-up test, a single teaching method was not found to be better among the three teaching methods. However, this study did find two teaching methods that can be used to develop training programs to help decrease the total number of successful Social Engineering attacks across industries.
Acknowledgement
I would like to first thank my family and friends for their support throughout my graduate studies. Especially to my parents for their love and constant prayers during rough times. I am extremely grateful to have such a supportive family that has encouraged me to continue my studies in a field that I am interested in. Without your help, I do not think I would have been able to complete this thesis or even get to where I am today. Likewise, I want to thank my friends for always keeping me company, even if it was through a phone call. Those random conversations really helped me during my rough times. I would like to give my gratitude to my advisor Dr. Ida Ngambeki. Without her help, I would have been extremely lost as to the process of doing a master's thesis. The constant support and guidance really helped me in being able to complete this thesis. I have learned a lot about what researchers do, and I respect the amount of work that is put into doing research. I would like to also thank my committee members, Dr. BaijianYang, Dr. MarcusRogers, and Dr. Dawn Laux who gave me a lot of feedback on how to better this thesis. Your feedback really helped me evolve my research from what it was, so I thank you all for that. Finally, I would like to thank my academic advisor, Dr. Eugene H. Spafford, who helped me understand the steps I needed to take to start my thesis research and graduate. I would have not been able to get to the thesis writing without your guidance. I really appreciate all your help.
