cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Gamifying Cybersecurity Can Help

Level 13

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article by Mark Hensch about when my colleague Arthur Bradway spoke at a conference about gamifying cybersecurity to improve results.

Can gaming significantly improve how governments protect their cybersecurity by making their employees more careful about how they use their IT?

According to one cybersecurity expert, the answer might be yes. Arthur Bradway says turning security training into a game can help public servants remember tips for keeping their agency’s data safe.

“A big topic lately is gamifying the security training,” Bradway said during GovLoop’s virtual summit. “We all like games. We all like to win.”

Bradway is a senior government sales engineer at SolarWinds, a software provider specializing in network, systems, and IT management.

According to Bradway, many agencies use dull training lectures, presentations, and videos that don’t help their employees retain cybersecurity knowledge.

“A lot of these methods aren’t engaging to the end user,” he said. “You spend time to get your users there and they don’t remember anything. By making it more engaging, they’ll retain more of the information.”

Bradway said creating games can also help agencies establish, teach, and enforce IT controls for their workforces.

IT controls consist of the procedures and policies to help ensure technologies are being used for their intended purposes in a reasonable manner.

Examples of some general controls used for essential IT processes include risk and change management, security, and disaster recovery.

When it comes to IT controls, government employees are often unaware of what their agencies expect from them in terms of cybersecurity.

“End users are our weakest links in all of this,” he said. “The majority of them don’t know anything about security. They’re used to being constantly connected anywhere they want on their devices. They assume they’ll be able to do the same thing at the office.”

Unfortunately, governments can’t take cybersecurity concerns lightly because of the sensitive data they often handle.

Governments that fail to protect their data can lose the trust of their citizens, suffer financial damage, and even endanger national security.

Bradway said, however, gaming can help prevent cybersecurity incidents by teaching public servants about the topic in an entertaining way.

For example, he continued, gaming can educate people about the different cyberthreats currently menacing agencies.

Bradway suggested one game where players assume the role of such cyberthreats as hostile foreign governments to learn how they act.

“When people are playing the role of the bad guy, they realize, ‘Wait, there’s more than one type of bad guy in the world?’” he said. “They realize more is going on and they need to start paying attention to it.”

Gamifying security training could resonate with public servants—especially younger ones—who are used to playing games on their mobile devices.

“Everyone is used to doing something on their phones and getting some little reward,” he said. “We know the end users are the problem. A lot of this highlights the trainings, policies, and procedures in place.”

Find the full article on GovLoop.

The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.

12 Comments
Level 14

Thanks for the article.

Level 13

Interesting concept.  A lot of research shows that gamification works really well in various areas (The Fun Theory 1 – Piano Staircase Initiative | Volkswagen - YouTube ).  Interesting idea to try it with Cyber.

MVP
MVP

This has been done in the private sector for years now.  I think if they are just now looking into this at the federal level they are way behind the curve.

Phishing email is a good example to start with. 

Level 12

Wait... making education interesting, entertaining, and engaging will increase retention and improve learning?

I think every teacher and professor I have ever had is going to strongly disagree with this conclusion.

Level 16

That does sound like a fun and educational exercise. A tabletop exercise on 'how would you break in' would also be an educational experience.

MVP
MVP

Thanks for the article.

Level 13

Thanks for the article

Level 12

As a side note. One line per sentence double spaced is almost as difficult to read as all caps is, at least for me.

Anything that gets users used to paying attention to details that matter for security is a winner in my book

Level 14

Totally agree with this.  Users will just ignore being told what to do.  Make it fun and they will learn (even if they don't want to).  Make it seem like they aren't even learning will make it even better. 

Level 12

thanks for the post

Level 14

I've been banging on about this for years but management just don't want to listen.  You need people to look forward to the next lesson, be talking about the last one and not realise that they are learning.  You can make it fun and competitive without having to supply prizes but that helps too.  Look at what Solarwinds have done to get us learning about their products.  Thwack.