Dave Reeves, Vice President, Australia & New Zealand, Delinea, makes the case for gamified cybersecurity training.
Cybersecurity is now a challenge for all organisations. As Mikko Hypponen said: “We are no longer just protecting systems, but we are now protecting society.”
And if organisations don’t protect society, society will come after them. That is what one Australian finance company discovered when it was hit by a class action after a data breach in which driver’s license details of nearly eight million former and current customers were stolen.
Identity information theft was already a big issue following large-scale data breaches at telecommunications company Optus and medical insurance firm Medibank as they affected millions of customers – many of whom have had their sensitive data stolen multiple times.
While governments consider what the regulatory and legal response should be, organisations have been put on notice that they must lift their game or suffer the consequences.
Cybersecurity is a people, process and technology problem. Frameworks like the Australian Government’s Essential Eight, as well as cyber insurance companies, call out the requirement to restrict admin privileges by deploying and operationalising solutions such as Privileged Access Management (PAM) tools as they provide a foundational control for organisations to be cyber resilient.
According to Verizon’s recently published 2023 Data Breach Investigation Report, stolen credentials are used in over 40% of data breaches. Once attackers gain access to an organisation’s infrastructure, they can start finding ways to move laterally and escalate privileges to access critical data, erasing their traces to remain undetected in the system, often for months or years. While technology can help, organisations must also have appropriately skilled IT staff and educate all employees on the best cyber hygiene practices.
The global workforce shortfall between the number of jobs and qualified personnel in cybersecurity passed 3.4 million people in 2022 and continues to grow annually. Despite hundreds of thousands of layoffs in Big Tech globally, the cybersecurity sector continues to have a huge swathe of job openings and, according to research by Per Capita, the number of unfilled positions in Australia is predicted to hit 30,000 by 2026.
This is why we need to explore new ways not only to attract people into a career in cybersecurity but also to upskill and reskill the information technology and security professionals we already have. The old ways of developing talent are no longer good enough.
An obvious way to do this is through gamification.
Cybersecurity gamification, or hacking gamification, aims at improving people’s hands-on technical expertise and collaboration skills by incentivising them to solve security-related challenges through competitions and rewards.
The term gamification is bit misleading though, as it makes you think about a bunch of adults playing games instead of working.
In reality, hacking gamification puts employees in real-world scenarios and makes them think under pressure and evaluate their ability to respond. It relies on critical thinking and collaboration to achieve optimal outcomes. With experiential learning techniques like gamification, participants are more likely to remember skills and be able to put them to use.
Hackers often think outside the box. Hacking gamification makes people learn how cyber criminals think and act so they can apply new strategies to combat them.
However, cybersecurity should not be considered only as a means to keep your digital assets safe, it should be interwoven into your company fabric and part of your organisational culture, encompassing all business areas.
Here, there are at least four other benefits of providing gamified cybersecurity training.
- More effective continuous training for professionals
Keeping one step ahead of cyber criminals requires constant training, particularly in cyberattack defence and response. Nothing beats practical experience in combatting threats and working across teams to solve problems and reduce an organisation’s risk.
- Open up career opportunities and uncover talent
Gamification gives people a platform to showcase their skills and get noticed. Many gamification platforms have a leaderboard to show who has won the most points based on their progress through various challenges.
Some organisations organise gamified hackathons to identify the best talent. This can lead to new career opportunities for IT or cybersecurity professionals and help organisations fill difficult positions.
- Promote teamwork across different teams
Gamified training helps break down silos between groups and increase collaboration between different business units and skill sets.
Not only does this mirror the cooperation required to address cyber threats in the world, but it also increases learning opportunities.
For example, organisations can mix skill sets within a team participating in a cybersecurity game. Developers with the skills to build technology can be paired with staff usually tasked with standing up systems and tearing them down.
Gamification adds a fun element to cybersecurity not usually there when people deal with real-world threats and incidents. This breaks down barriers between different teams and skill sets so they can learn from each other and solve challenges.
- Make cybersecurity training more engaging
What would you rather do? Listen to a recorded PowerPoint presentation and take several quizzes or turn your mandatory cybersecurity training into a game that promotes practical approaches and better knowledge retention?
Gamification also adds a social element by allowing employees to compete for prizes, making it much easier to engage them and help them stay engaged.
If you decide that cybersecurity gamification has a role in your organisation, you may be surprised by how easy it is to get up and running.
Anyone can do it, regardless of their level of cybersecurity knowledge.
There are several cybersecurity gamification platforms offering single-player games and competitions. You can also participate as a team through online groups or organise your own competition.
Gamification is an effective and underutilised strategy that almost every organisation can and should use to plug their cyber skills gap.
And if we don’t find new ways to lift our cybersecurity game, we will all be the losers.
Click below to share this article