Using gamification to help build cyber resilience

Using gamification to help build cyber resilience>
Continuity Central – Dr John Blythe
Nearly 82 percent of the breaches last year were a result of human errors, according to Verizon’s latest research. Whether it’s an employee unintentionally clicking a malicious link, keeping weak passwords, publicly exposing their IP addresses, or not updating software in time – human errors are present in most cyber attacks.

he problem with traditional security training is that such programmes focus on building awareness rather than actual capabilities. Most security awareness training (SAT) sessions include hours of dry presentations and click-through e-learning courses, which causes nothing but fatigue and frustration for the employees. Knowing information and acting upon it are two very distinct functions. For instance, almost every organization and workforce today knows about the threat of phishing attacks, but it’s still one of the most successful attack tactics. That’s because knowing about phishing threats and being capable of detecting, and reporting such attacks are very different.

The goal of gamification is to make non-game activities, like cyber security training more enjoyable, motivating, and rewarding by tapping into the human desire for competition, achievement, and recognition. This encourages individuals to transfer their in-game learning experience to the workplace. The core psychological benefit of gamification is the development of motivational challenges. When employees are included in gamified learning sessions, they develop the three psychological states of motivation: competence, autonomy, and connection.

It also drives connection amongst employees and teams. It’s important to understand that cyber security is an organization-wide responsibility, not just an obligation of the IT and security teams. Implementing gamified training solutions allow colleagues to actively collaborate through cyber team simulations or multiplayer crisis simulations. By cooperating to complete tasks, employees develop relatedness, which helps each other master challenges collectively. This increases competence for both individuals and teams, thus enhancing human cyber capabilities across the entire workforce.

Lastly, there’s autonomy. As employees undertake technical challenge exercises and upskill in specific security areas, they develop a positive sense of autonomy. So, when a security incident breaks out, employees are more confident in making independent decisions, thus ensuring quick and efficient responses.