Gamification in Cyber Security
The primary concern for most CISOs (Chief Information Security Officers) is how to defend their company’s networks.
The secondary concern, no longer far behind, is how to protect a company from its own employees. As has been proven, over and over, the compliance of staff is at times negligible (such as improving passwords) and at other times, non-existent (patching systems, exercising basic security protocol).
Whilst cyber espionage and insider jobs are increasingly common within the cyber space, across the board there is a severe lack of cyber training for most employees, including senior management. This tense at times, awkward situation has only had more attention drawn it’s way, since the passing of SHEILD legislation in New York state and the California Law.
Why are we concerned?
Cyber security breaches are rising, governments are getting concerned, and everyone is under immense pressure to close the gap between our knowledge and our abilities to implement cyber security across organizations.
One of the solutions, straight from the tech world itself, is gamification, seen as a potentially effective weapon to increase employee’s ownership of cyber-risk management.
Gamification is the process of taking a website, a learning skills course, an enterprise application, and adding game mechanics to make it both fun and engaging. Gamification of cybersecurity practices within a company would mean utilizing employees psychological need for competition, success, status and self-improvement to inevitably reduce the risk of cyber security incidents.
So why use gamification?
Is it just a gimmick? According to the American Psychological Association, most definitely not. Gamification not only improves the learning curve dramatically; it improves performance which long term will make it easier to detect and thwart security threats.
Gamification can provide:
Gamification and rewarding increase engagement and retention. By putting milestones into the learning process, cyber awareness and cyber security skills become far more achievable.
Gamification allows companies to promote healthy competition by adding leaderboards for top performers to public dashboards. The cyber student with more badges or credits gains kudos on the leaderboard which motivates everyone. Public recognition has been proven to drive a deeper attitude of risk ownership and management.
Furthermore, applying gamification with an AI-powered or automated cybersecurity platform allows corporate security teams to assess employees that may need extra training and identify other weaknesses.
Games are fun, whereas cyber training can be viewed as boring. By taking the best out of the gaming world and applying it to something that many of us see as dry. Gamification can improve a businesses cybersecurity with an exciting and interactive approach.
Offering real-time rewards for milestones throughout the duration of the learning experience will promote positive learning experience. That boost in morale should have a worthwhile impact on not only cybersecurity, but also on business in general.
The key takeaway is that security training is absolutely necessary in today’s world. Figuring out better ways to train employees of security threats is an increasingly important task. Gamification could be your alternative option to fighting against human error.