Gamification — Cybersecurity’s turn to play
Games are everywhere, and we can’t stop playing them.
According to the Entertainment Software Association, over 214 million Americans play video games for at least one hour every week. The most interesting part? Everyone is playing. The average age of a video game player is between 35 and 44 years old.
Video games have blossomed into a $60+ billion market in the U.S. alone, but games go far beyond the controller, mouse and app store.
Reddit used game elements to turn a simple forum into one of the top social networking sites on the planet. Fitbit turned walking into a competition. And you know that taco shop punch card is buried in your wallet? Even that’s a simple, albeit effective, game with the world’s greatest prize waiting for you after your tenth visit.
Games are everywhere, but is there room for gamification in the workplace — especially when it comes to vital business functions like security awareness training? Let’s start at the beginning.
Phishing simulations & training
What is gamification
Gamification takes the experiences and rewards that make games fun and engaging and applies them to everyday situations and scenarios to educate or motivate behaviors.
Gamification can be as simple as adding a leaderboard to a training exercise so employees can compare scores or as complex as using a role-playing game with levels and challenges to help players build healthy habits and achieve life goals.
Gamification in cybersecurity
With that being said, is there really room for games when it comes to security? The short answer is yes, of course.
While you may not want to immerse your SOC team in virtual reality, there are plenty of reasons to gamify your cybersecurity efforts — especially your workforce’s cybersecurity education and training.
Gamification in education has a proven track record in everything from learning a second language to SAT prep and beyond. That’s because gamified learning takes passive education and makes it experiential. Instead of learning solely through materials or instructors, students or employees learn by doing as they play a game. Experiential learning increases engagement, boosts lesson retention and encourages learners to apply knowledge or behaviors in the real world.
This makes gamification perfect for security awareness and cyber skill training.
Gamification in security awareness
Traditional, corporate security awareness training has the reputation of being a boring task employees dread completing. In many industries, security awareness is mandatory for every employee. This means security or training teams typically assign training once a year and have to track down employees to ensure everyone completes the required training.
Although many engaging and effective security awareness programs and plans exist, it is still a challenge to motivate employees to truly engage with their security awareness course, retain the knowledge and convert it into secure behaviors that help your organization detect and avoid security threats. Gamified security awareness training takes these challenges head-on.
For example, Infosec’s Pick Your Path Security Awareness Games lets learners play through various cybersecurity scenarios, make choices and see the rewards or consequences of their decisions. This not only makes security awareness fun and engaging, but it also makes learning experiential so employees are prepared if they run into a real security threat in the future.
Why gamification is effective
Gamification gives people additional reasons to complete tasks or adopt new behaviors that may otherwise feel difficult, uninteresting or inconsequential to the individual.
For one, games are fun. Turning a chore into an enjoyable game transforms completing a task into a fun or leisurely activity.
Games also provide rewards. This can come in the form of in-game achievements, badges, points or even the personal satisfaction of winning the game. These rewards make games competitive, which can serve both as a personal motivator and also a way for players to compare scores and experiences with other players.
Games also give players choices, which gives them control over the events and outcomes of the game. This personalizes the experience for every player and encourages them to form a closer and more personal connection with the objective or activity.
Phishing simulations & training
The beauty of games is they provide players with motivation and enjoyment in many different ways. Some people play games to have fun or relax. Others are motivated by scores and objectives, while others crave the social component of many games.
That’s why gamification works. Gamification captures these motivations to create an enjoyable experience perfect for learning something new, retaining information or adopting specific behaviors.
Turning a task into a game gives people a host of reasons to not only participate but also to take a personal stake in the activity. Gamification turns a student or employee into a player motivated by the objectives, rewards and outcomes of the game.
Conclusion
Games are everywhere, and they’re here to stay. Gamifying education provides a more enjoyable experience for every learner and it gives them a reason to take a personal interest in their education. Gamifying cybersecurity training motivates employees to play an active role in preventing cyber threats at your organization.
In a world growing more gamified by the day, we say, let’s play.
Sources
- 2020 Essential Facts About the Video Game Industry, Entertainment Software Association
- Most popular mobile social networking apps in the United States as of September 2019, by monthly users, Statista
- 5 Benefits of Experiential Learning In The Workplace, Edgepoint Learning
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Gamification — Cybersecurity’s turn to play
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Cybersecurity automation: Tips to do it right in your organization
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights
Industry insights
Cybersecurity automation: Tips to do it right in your organization