What is Collegiate SECTF?
The Collegiate Social Engineering Capture-the-Flag (SECTF) is a competition and training event that will allow students to compete in a purely social engineering intercollegiate competition and offer free training to students and educators. The 2022 event dates are TBD.
What is social engineering?
Social engineering is defined as any act that uses persuasion strategies to influence individuals to take an action that may or may not be in their best interests. Many people use social engineering in everyday contexts (Social‐Engineer, Inc).
Why is social engineering relevant?
Social engineering is often used to conduct reconnaissance, which is the first stage of a cyberattack. Previous research indicates that adversaries, such as nation states and organized crime groups, spend a good portion of their time (50-75%) on reconnaissance.
Social engineering may also be used maliciously by “deceiving an individual into revealing sensitive information (passwords), obtaining unauthorized access (to restricted areas such as server rooms), or committing fraud (deception via phishing) by associating with the individual to gain confidence and trust” (National Institute of Standards and Technology, NIST SP 800-63-3).
Nearly 70% of US organizations experienced SE attacks in 2017, costing the country approximately $2.76 million, with each instance taking approximately 20 days to resolve. The Federal Bureau of Investigation’s 2019 Internet Crime Report noted that financial losses from the SE tactics of business email compromise, phishing scams, and confidence fraud/romance scams totaled more than $2.23 billion.
Cybersecurity experts agree that the human factor is increasingly being leveraged in cyberattacks, making social engineering a major concern for cybersecurity.
So why a ‘pure’ social engineering CTF?
There are MANY CTFs already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.
Given that the human factor has been identified as the weakest link in cyberattacks, a pure Collegiate SECTF grounded in the social sciences offers a timely and unique platform for students to learn about social engineering in a hands-on, engaging, and ethical manner.