Game face on: Why gamification is the new darling of cybersecurity
All over the world, wars are waging. And it’s not just guns people are fighting with. We live in an age of cyber warfare, where nation states attack each other via computers, and hackers hold the potential to bring down large corporations and even whole economies.
Everyone is at risk from cybercrime, not least businesses. Security company Cybersecurity Ventures predicts cyber crime will cost the world $6 trillion by 2021. The number of attacks are increasing, up 27.4 per cent each year, according to a joint paper by the Ponemon Institute and Accenture.
With the cost of cybercrime so high, it’s essential businesses around the world are able to protect themselves from threats. Gamification is one such way.
What is gamification?
The process of turning something into a game in order to further learning of the concept, gamification can be applied to a broad range of business functions, from customer service to human resources. And now, it’s being applied to cybersecurity.
If you can get employees to talk about cybersecurity round the lunch tables, you’ll have had a massive win.
Gamification can involve a range of activities. The most famous example is PwC’s game of threats, whereby senior executives and board members are placed into two teams. They are given a range of actions to choose from, and one team must attack while the other defends. After each round, someone is at hand to give feedback and explain some of the more complicated concepts.
Other techniques involve sending round fake phishing scams and seeing how many people report them. Having a points system and leader board for various tasks bring in an element of competition, and often companies will give out rewards when employees reach a certain number of points.
Gamification is often much more digestible than normal training – it can be done in six 10-minute sessions, for example, instead of having a one-hour of presentation during which employees’ minds can wonder elsewhere.
Ultimately, gamification helps raise awareness – if you can get employees to talk about cybersecurity round the lunch tables, you’ll have had a massive win. This is especially the case as human error is so prominent in cyberattacks.
Why is gamification necessary?
Human error is involved in over 95 per cent of cybersecurity breaches, IBM has found. Most people don’t mean to cause a cybersecurity breach, however due to a lack of awareness of the type of threat they might face, hackers can use simple tactics such as phishing scams to get their feet in the door. From there, they can use more sophisticated methods to conduct a large scale attack, but they normally still need some sort of human involvement to begin with.
While a business’ cybersecurity team may be pulling their hair out after a breach thinking about all the training they conducted, it’s frequently the case that these exercises simply weren’t engaging enough.
Gamification, on the other hand, is an interactive, fun way of learning about attacks, with an FX-MM report finding 77 per cent of employees believe game-based training to be more effective than traditional methods.
Regular fake phishing scams and other techniques can also help to highlight where certain employees may need a little extra training. Further, it will mean they’ll be more prepared to report real scams, taking a lot of work away from a company’s cybersecurity team.
LOOKUP keeping your enterprise cybersecure
Businesses have never been more vulnerable to cyberattacks, and while gamification can have a huge impact, your network and processes must also have a range of cybersecurity measures in place. LOOKUP specialises in providing managed security services for Australian SMEs. For more information on how we can keep your enterprise cybersecure, contact us today.