The Internet Crime Complaint Center, or IC3, in its report on Internet Crimes in 2012 stated that it received nearly 290,000 complaints from cyber victims and total dollar losses arising from the complaints were close to $525.5 million. In another report by Kaspersky, 31% of IT professionals have not heard of any of the most common cyber-threats including those targeted at the corporate sector. Cyber-crimes are on the rise in the past few years while the awareness about the risks is less to none even among IT professionals.
The Kaspersky report suggests that teaching employees about the basics of being secure online is as much important as installing security software. However, content in the form of an email or security warnings is likely to be forgotten by employees. Company lecturers will not translate into practice when the knowledge needs to be applied. So, organizations are exploring games as a means to bring about awareness on cyber threats and make employees more vigilant in the cyber space.
Many organizations have already come up with unique teaching methodologies to educate employees and even general public about cyber security, games being one of them. Several organizations have developed games for the purpose of teaching and reinforcing simple methods to ensure online safety.
- The US government has awarded a grant of $750,000 to a company to develop a ‘micro-game’ platform for training US Air force employees on cyber security awareness and training.
- FBI has set up an online portal and launched a Safe Online Surfing (SOS) Internet Challenge to teach school kids about cyber security.
- Air Force Association based in Arlington launched a social media game named ‘CyberVille’ where players are supposed to defend the virtual town from cyber-attacks.
- Hax Attacks by Cyber Griffin is an app for teaching cyber security to protect oneself from being a victim of cyber-attack.
- Net Wars from SANS institute is a scenario-based learning environment (they don’t call it a game) that attempts to develop skills of information for security professionals to employ them better in their job situation.
Why do you think games are being increasingly explored as an option for cyber security training? With increase in the types of cyber-crimes that are taking place, new innovative methods need to be explored for effective knowledge transfer. Games in particular are proving to be effective for the following reasons:
- They challenge the knowledge of learners and motivate them to learn.
- They enable learners to employ higher order skills such as strategic thinking, analyzing opposition strengths and weakness and execute a winning plan.
- They provide a risk-free environment to experiment and fail without untoward consequences. Learners end up learning from their mistakes.
- Games tend to ‘hook’ learners and it is positively received as compared to a typical classroom training session that tends to be theoretical and boring.
- Tips and safety guidelines offered toward cyber security are more effectively retained in a hands-on/simulated environment.
Thus, it comes as no surprise that organizations are increasingly employing games to reinforce learning in the cyber security area. Have you had a chance to receive IT security training through scenario-based games? Was it effective in educating the measures to be adopted in safeguarding cyber security? Do share your experiences.