When sitting down to write this article we wanted to share HOW gamification benefits the cybersecurity industry, but also WHY it can work effectively. The “why” question in its most simple term is that gamification touches on human needs. Most of us studied Maslow’s Hierarchy of Needs in our Psychology 101 classes so this is going to resonate.
Here is a quick refresher for those that slept through the class:
Fundamentally, gamification satisfies our needs to belonging, emotional connection, being part of a community, self-expression, and being recognized and rewarded.
So, what is gamification exactly?
Gamification is the application of playing video games to learn and to deeply enjoy, motivate and engage in the process. Nick Pelling, who coined “gamification” in 2002 defined it as “Applying game-like accelerated user interface design to make electronic transactions enjoyable and fast.” We think of it simply as using games motivate learning in all aspects of the real-world. In our collective real-world, that is cybersecurity.
For many years the defense and intelligence communities have relied upon a concept called gamification to test concepts, strategies, and potential outcomes in various scenarios via computer simulation. They have found that gamification heightens interest of the players involved and serves as a stimulus for creativity and interchange of ideas which is vital for keeping an edge. As computers have become faster and more capable and data gathering abilities have has exponentially grown, gamification has become a “go to” process many involved in the security community.
The information and technology research firm Gartner defines gamification as “the use of game mechanics and experience design to digitally engage and motivate people to achieve their goals” They note that gamification applies these to motivate the audience to higher and more meaningful levels of engagement.
Gamification in cybersecurity for both the public and private sectors makes great sense for several reasons:
- It creates cybersecurity awareness
- It creates an ability to discover gaps in in the monitoring framework
- It can be a guiding element in allowing companies to best determine how they direct their resources toward mitigating vulnerabilities and threats
- It helps address the workforce shortage and plugs the skills gap by cultivating a next generation of computer and video gamers.
The reality is that most workers don’t understand even the basics of cybersecurity. Although many companies institute training programs often mandated by policy, a quick test or refresher on cyber policies, it is not enough to create an awareness of the multitude of threats in an increasingly digital world. Gamifying the learner’s experience will enhance interest in the cyber and also help people understand how and why cybersecurity attacks occur.
We have seen the implications of workers in all industries creating costly data breaches by inadvertently opening a phishing email containing malware. Heck, it is wreaking havoc on the local governments and health care particularly. Gamification will provide a better mechanism for training users on how to prevent and respond to the changing landscape of cybersecurity. Gamification can even be helpful to experienced cyber professionals in providing testing and simulation for a custom cybersecurity strategy while also stimulating the workforce at the same time. It is now being adapted by companies for all these purposes. For example, Price Waterhouse Cooper developed Game of Threats™ to help senior executives and Boards of Directors test and strengthen their cyber defense skills.
Most companies are learning the hard way that what they thought was secure is really not. Data breaches are an epidemic and every year of intrusion reports outpaces the previous year. As a result of procrastination on cyber threats, corporate leadership has been playing catch up by procuring IT security technologies, educating their boards of liability issues, and hiring cybersecurity talent. However, deciding how to best allocate resources, focus on specific industry threats, and design prevention and contingency plans are not an easy task. Gamification can be helpful in providing testing and simulation for a custom cybersecurity strategy while stimulating the workforce at the same time.
The new generation of young talent has been raised on computer and video games. They are “wired” for a career where they can utilize their digital skills and maintain their lifestyle. Cybersecurity can be logical path and fulfilling for those who already thrive on the gaming culture for entertainment. This can help recruit new people into the industry and reduce the massive shortage in cyber talent (unfilled positions) estimated to surpass four million people according to ((ISC)2). Cybersecurity with gamification can be logical path and fulfilling for those who already thrive on the gaming culture for entertainment. Gamification is a growing trend with promising cybersecurity outcomes.
Chief Experience Officer