Social Engineering in Cybersecurity – with PwC


Start: January / February 2017 (different start date in consultation)

In today's changing environment, we are seeing an increase cyber threats where ,next to technological aspects, the human factor is the weakest link in the overall security chain. A striking example is the $81M Bangladesh heist where an administrator was forced to disabuse employee accounts to make malicious money transfers. This shows that a focus on technological measures solely is not sufficient anymore.

We propose that you write an overview of social engineering techniques and provide a taxonomy, based on the literature and on observations and/or interviews.

The aim of the thesis is to develop a framework with criteria that could be used for measuring the impact of social engineering attacks to our clients. These criteria could be a basis for example to determine an adequate approach to increase security awareness with our clients by combining different type of social engineering attacks.

Data from several sources can be analyzed. You can interview professionals working in the Cyber Security team of PwC who are engaged in performing social engineering attacks which are typically: mail phishing, phone phishing and testing of physical security using piggy backing/ tail gaiting techniques. It may also be possible to analyses cases. If there is an opportunity we will try to actively involve the student to experience social engineering in a real environment.

We are looking for a student who is enthusiastic about this topic and eager to work in the cyber security team of PwC. We expect the student is pro-active and able to define and execute a research plan with support from the supervisors.

For more information on working at PwC:

Do not hesitate to contact one of the supervisors here above for more information on this vacancy.