Industry insights

Gamification — Cybersecurity’s turn to play

Tyler Schultz
January 18, 2021 by
Tyler Schultz

Games are everywhere, and we can’t stop playing them.

According to the Entertainment Software Association, over 214 million Americans play video games for at least one hour every week. The most interesting part? Everyone is playing. The average age of a video game player is between 35 and 44 years old.

Video games have blossomed into a $60+ billion market in the U.S. alone, but games go far beyond the controller, mouse and app store.

Reddit used game elements to turn a simple forum into one of the top social networking sites on the planet. Fitbit turned walking into a competition. And you know that taco shop punch card is buried in your wallet? Even that’s a simple, albeit effective, game with the world’s greatest prize waiting for you after your tenth visit.

Games are everywhere, but is there room for gamification in the workplace — especially when it comes to vital business functions like security awareness training? Let’s start at the beginning.

Should you pay the ransom?

Should you pay the ransom?

Download The Ransomware Paper for real-world ransomware examples, mistakes and lessons learned.

 

What is gamification

 

Gamification takes the experiences and rewards that make games fun and engaging and applies them to everyday situations and scenarios to educate or motivate behaviors.

Gamification can be as simple as adding a leaderboard to a training exercise so employees can compare scores or as complex as using a role-playing game with levels and challenges to help players build healthy habits and achieve life goals.

 

Gamification in cybersecurity

 

With that being said, is there really room for games when it comes to security? The short answer is yes, of course.

While you may not want to immerse your SOC team in virtual reality, there are plenty of reasons to gamify your cybersecurity efforts — especially your workforce’s cybersecurity education and training.

Gamification in education has a proven track record in everything from learning a second language to SAT prep and beyond. That’s because gamified learning takes passive education and makes it experiential. Instead of learning solely through materials or instructors, students or employees learn by doing as they play a game. Experiential learning increases engagement, boosts lesson retention and encourages learners to apply knowledge or behaviors in the real world.

 

This makes gamification perfect for security awareness and cyber skill training.

 

Gamification in security awareness

 

Traditional, corporate security awareness training has the reputation of being a boring task employees dread completing. In many industries, security awareness is mandatory for every employee. This means security or training teams typically assign training once a year and have to track down employees to ensure everyone completes the required training.

Although many engaging and effective security awareness programs and plans exist, it is still a challenge to motivate employees to truly engage with their security awareness course, retain the knowledge and convert it into secure behaviors that help your organization detect and avoid security threats. Gamified security awareness training takes these challenges head-on.

For example, Infosec’s Pick Your Path Security Awareness Games lets learners play through various cybersecurity scenarios, make choices and see the rewards or consequences of their decisions. This not only makes security awareness fun and engaging, but it also makes learning experiential so employees are prepared if they run into a real security threat in the future.

 

Why gamification is effective

 

Gamification gives people additional reasons to complete tasks or adopt new behaviors that may otherwise feel difficult, uninteresting or inconsequential to the individual.

For one, games are fun. Turning a chore into an enjoyable game transforms completing a task into a fun or leisurely activity.

Games also provide rewards. This can come in the form of in-game achievements, badges, points or even the personal satisfaction of winning the game. These rewards make games competitive, which can serve both as a personal motivator and also a way for players to compare scores and experiences with other players.

Games also give players choices, which gives them control over the events and outcomes of the game. This personalizes the experience for every player and encourages them to form a closer and more personal connection with the objective or activity.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

The beauty of games is they provide players with motivation and enjoyment in many different ways. Some people play games to have fun or relax. Others are motivated by scores and objectives, while others crave the social component of many games.

That’s why gamification works. Gamification captures these motivations to create an enjoyable experience perfect for learning something new, retaining information or adopting specific behaviors.

Turning a task into a game gives people a host of reasons to not only participate but also to take a personal stake in the activity. Gamification turns a student or employee into a player motivated by the objectives, rewards and outcomes of the game.

 

Conclusion

 

Games are everywhere, and they’re here to stay. Gamifying education provides a more enjoyable experience for every learner and it gives them a reason to take a personal interest in their education. Gamifying cybersecurity training motivates employees to play an active role in preventing cyber threats at your organization.

In a world growing more gamified by the day, we say, let’s play.

 

Sources

 

Tyler Schultz
Tyler Schultz

Tyler Schultz is a marketing professional with over seven years of experience delivering SaaS solutions to organizations of all sizes. As a product marketing manager at Infosec, he is dedicated to helping organizations build strong cybersecurity cultures and meet their security awareness goals. He helps the Infosec team push the boundaries of effective and engaging security awareness training with a focus on experiential learning, gamification, microlearning and in-the-moment training. Tyler is a UW-Madison and UW-Whitewater graduate and Certified Security Awareness Practitioner (CSAP).