COMPARING SOCIAL ENGINEERING TRAINING IN THE CONTEXT OF HEALTHCARE

Social Engineering attacks have been a rising issue in recent years, affecting a multitude of industries. One industry that has been of great interest to hackers is the Healthcare industry due to the high value of patient information. Social Engineering attacks are mainly common because of the ease of execution and the high probability of victimization. A popular way of combatting Social  Engineering attacks is by increasing the user’s ability to detect indicators of attack, which requires a level of cybersecurity education. While the number of cybersecurity training programs is increasing, Social Engineering attacks are still very successful. Therefore, education programs  need to be improved to effectively increase the ability of users to notice indicators of attack. This research aimed to answer the question - what teaching method results in the greatest learning gains  for understanding Social Engineering concepts? This was done by investigating text-based,  gamification, and adversarial thinking teaching methods. These three teaching methods were used  to deliver lessons on an online platform to a sample of Purdue students. After conducting analysis,  both text-based and adversarial thinking showed significant improvement in the understanding of  Social Engineering concepts within the student sample. After conducting a follow-up test, a single  teaching method was not found to be better among the three teaching methods. However, this study  did find two teaching methods that can be used to develop training programs to help decrease the  total number of successful Social Engineering attacks across industries.