What is the Summer Social Engineering Event all about?
The Summer Social Engineering Event is a competition and training event that will allow students to compete in a purely social engineering competition. The competition has a different theme each year to demonstrate the relevance of social engineering across various cybersecurity areas. The Summer 2022 competition will be taking place virtually on Fridays, Saturdays, and Sundays.
Orientation date (virtual): Saturday, May 14, time TBD (this is not optional – please hold this date on your calendar)
Competition dates (virtual, these are not optional – please hold these dates on your calendar):
Undergraduate Level: June 3, 4, 5 (9am-4pm ET)
High school Level: June 10, 11, 12 (9am-4pm ET)
Closing ceremonies (virtual): Wednesday, June 15, 4pm-5pm ET (this is not optional – please hold this date on your calendar)
What is social engineering?
Social engineering (SE) is defined as any act that uses persuasion strategies to influence individuals to take an action that may or may not be in their best interests. Many people use social engineering in everyday contexts (Social‐Engineer, Inc) .
Why is social engineering relevant?
SE is often used to conduct reconnaissance, which is the first stage of a cyberattack. Previous research indicates that adversaries, such as nation states and organized crime groups, spend a good portion of their time (50-75%) on reconnaissance. Furthermore, SE is used beyond just the initial recon stage to get more/different types of information and access.
SE may also be used maliciously by “deceiving an individual into revealing sensitive information (passwords), obtaining unauthorized access (to restricted areas such as server rooms), or committing fraud (deception via phishing) by associating with the individual to gain confidence and trust”, National Institute of Standards and Technology (NIST SP 800-63-3).
Nearly 70% of US organizations experienced SE attacks in 2017, costing the country approximately $2.76 million and each instance taking approximately 20 days to resolve. The Federal Bureau of Investigation’s 2019 Internet Crime Report noted that the total financial loss from the SE tactics of business email compromise, phishing scams, and confidence fraud/romance scams totaled more than $2.23 billion.
Cybersecurity experts agree that the human factor is increasingly being leveraged in cyberattacks, making SE a major concern for cybersecurity.
So why a ‘pure’ social engineering competitions?
There are MANY cybersecurity competitions already in existence (PicoCTF, PlaidCTF, CSAW, UCSB iCTF, US Cyber Challenge, Panoply, CPTC, CCDC, CyberPatriot, Cyber Academy, to name a few). While these are all excellent sources of hands-on training, they are primarily technical in nature and have specific focus areas, such as reverse engineering, hacking, cryptography, and exploitation. They do not emphasize the relevance of the human-socio-psychological aspects of cyberattacks and cybersecurity.
Given that the human factor is increasingly being exploited by cybercriminals, a pure SE competition grounded in the social sciences offers a timely and unique platform for students to learn about this topic in a hands-on, engaging, and ethical manner.
Who can participate?
This event is open to high school, undergraduate, and graduate students. Teams are required (solo entries are not permitted). Team sizes can range from 2-4 members. Members can be from different institutions (schools/colleges), but must be at the same educational level (ex: purely high school students).
When and how can we put our application in?
We typically open up application submission form in April or May. So stay tuned!