Gamification in Cybersecurity Training: Increasing Protection Against Cybercrime
Hackers have been around since the first computer came on the scene; however, what began as reverse-engineering hardware and software to design a better product soon gave birth to one of the biggest problems in modern life: cybercrime.
In 1980, John Draper (aka “Captain Crunch”) earned notoriety as the first criminal hacker when he used a whistle he found at the bottom of a cereal box to trick the phone company’s computer system and make free long-distance calls. However, the world got its first wake-up call about the threat eight years later when Robert Morris used a worm he created while a Cornell student to drain resources from computers on the internet’s precursor, the Arpanet.
Morris was given a ten-thousand-dollar fine and community service since it was determined that his intent was to conduct an “experiment” to uncover vulnerabilities in the system – a goal he most certainly accomplished as the computers were rendered temporarily unusable. Since then, far more serious cybercrimes have emerged, increasing apace with technological development. Indeed, as we have seen in the past several years it has its tentacles in everything from U.S. politics and international conflicts to our daily online transactions.
Mystery of Cybercrime
For many of us cybercrime is still shrouded in mystery, conjuring up images of villains in dank basements twisting their mustaches as they create viruses that can steal individuals’ identities and infiltrate seemingly impenetrable banks. The speed at which hackers are able to develop new ways of interrupting our lives is mind-boggling, yet there are still steps everyone can take to mitigate risk. Basically, these steps come down to education and good online habits, which is why the white hats are now turning to gamification to help companies take their cybersecurity training to the next level.
Cybersecurity
The creation of immersive environments has long been recognized as one of the most effective ways in which gamification facilitates learning – for example, when employees are able to tackle challenges in simulated environment. An exciting development in the cybersecurity space is CSI: Phishing released last month by Global Learning Systems. The name cleverly echoes that of the popular TV franchise; the world is a company at which a security breach has occurred. The player steps into the role of “investigator” racing to find the origin of the breach by examining employees’ emails and social media posts. Gone are the days when phishing was obvious, and this platform drastically improves the ability to spot red flags that have become increasingly subtler as hackers have become more sophisticated.
Such a platform also goes a long way to get employees to take the training seriously. Yes, they understand the consequences of a breach, however, they might not necessarily feel like it impacts them personally. The right immersive environment drives this possibility home, thereby increasing their investment in the mission. Additionally, even the best-intentioned employees can easily become bored with the traditional cybersecurity trainings – that is, asking them to read through data and then take a quiz. When not engaged, they tend to rush through the material or not finish it – especially when they have more pressing work tasks. However, when they are required to apply the knowledge to a “real-life” situation, they are more likely to retain the information, and enjoy the process enough to take it to the next level.
Protect Your Platform Through Gamification
To this end, it would be wise to have a gaming platform with multiple cybercrime scenarios. As damaging as it can be, phishing is pretty low-hanging fruit in the cybercrime space; it is actually more of an “invitation” to be scammed that is rendered harmless if the recipient of the email is savvy enough to delete it without clicking on any links. Unfortunately, there are other forms of hacking that are far more difficult to stop, so it stands to reason that Global Learning Systems and other companies will be coming out with trainings that address them as well.
Like other gamification programs, you can really get creative with animated characters and fun sound effects, as well as points each time phishing is spotted and leaderboards celebrating high performers. Also, you don’t necessarily have to create an entirely new platform to be effective, but instead can incorporate these components into your existing trainings.
As is the case in other arenas (i.e., recruiting, onboarding, sales training, and so on), gamification is not a panacea when it comes to keeping your business and its consumers safe. Hacking is a complex and insidious problem orchestrated by some truly nefarious – and super-intelligent – people; otherwise, it wouldn’t be such a serious threat to governments, financial institutions, and shopping sites. That said, gamification is an essential weapon in our arsenal against cybercrime, both in terms of increasing our awareness of the ways in which it shows up and honing our skills on how to stop it before it destroys our companies and our peace of mind.