Gamifying Cybersecurity Can Help

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by Mark Hensch about when my colleague Arthur Bradway spoke at a conference about gamifying cybersecurity to improve results.

Can gaming significantly improve how governments protect their cybersecurity by making their employees more careful about how they use their IT?

According to one cybersecurity expert, the answer might be yes. Arthur Bradway says turning security training into a game can help public servants remember tips for keeping their agency’s data safe.

“A big topic lately is gamifying the security training,” Bradway said during GovLoop’s virtual summit. “We all like games. We all like to win.”

Bradway is a senior government sales engineer at SolarWinds, a software provider specializing in network, systems, and IT management.

According to Bradway, many agencies use dull training lectures, presentations, and videos that don’t help their employees retain cybersecurity knowledge.

“A lot of these methods aren’t engaging to the end user,” he said. “You spend time to get your users there and they don’t remember anything. By making it more engaging, they’ll retain more of the information.”

Bradway said creating games can also help agencies establish, teach, and enforce IT controls for their workforces.

IT controls consist of the procedures and policies to help ensure technologies are being used for their intended purposes in a reasonable manner.

Examples of some general controls used for essential IT processes include risk and change management, security, and disaster recovery.

When it comes to IT controls, government employees are often unaware of what their agencies expect from them in terms of cybersecurity.

“End users are our weakest links in all of this,” he said. “The majority of them don’t know anything about security. They’re used to being constantly connected anywhere they want on their devices. They assume they’ll be able to do the same thing at the office.”

Unfortunately, governments can’t take cybersecurity concerns lightly because of the sensitive data they often handle.

Governments that fail to protect their data can lose the trust of their citizens, suffer financial damage, and even endanger national security.

Bradway said, however, gaming can help prevent cybersecurity incidents by teaching public servants about the topic in an entertaining way.

For example, he continued, gaming can educate people about the different cyberthreats currently menacing agencies.

Bradway suggested one game where players assume the role of such cyberthreats as hostile foreign governments to learn how they act.

“When people are playing the role of the bad guy, they realize, ‘Wait, there’s more than one type of bad guy in the world?’” he said. “They realize more is going on and they need to start paying attention to it.”

Gamifying security training could resonate with public servants—especially younger ones—who are used to playing games on their mobile devices.

“Everyone is used to doing something on their phones and getting some little reward,” he said. “We know the end users are the problem. A lot of this highlights the trainings, policies, and procedures in place.”

Find the full article on GovLoop.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

Thwack - Symbolize TM, R, and C