Finding the needle in the cybersecurity haystack: Why gamification is the answer you’ve been looking for

  • Circadence
  • January 09, 2019

To say we’re on an upward trajectory in the cybersecurity space would be an understatement. Cyber threats are increasing. Organizational spending is increasing. And the cost of a data breach is increasing—to somewhere around $3.62 million per breach according to the Ponemon Institute. With such exponential growth across the field, CISOs are actively looking for ways to strengthen their efforts. With the plethora of information available today, it is like finding a needle in a haystack. It’s hard to know whom to believe, what to believe and how often. With so many options available, CISOs are understandably stymied in making educated decisions for an optimal solution. Fortunately, our 20+ years in the gaming industry have led us to a valuable conclusion that can help CISOs professionally develop their teams—and protect their organization. The answer lies in gamification 

It’s a buzz word floating its way around the technology sphere for quite some time and is gaining momentum. It’s commonly defined as a process of adding games or game-like elements to something. The term was originally coined in 2002 by a British computer programmer named Nick Pelling. The term hit mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited.  

The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But we’re not recommending gamification because it is the new, shiny object on the heels of AI. We’ve seen gamification work for companies looking to train their cyber teams.   

How does it work 

Unlike compliance-driven teaching methods, gamified teaching engages practitioners individually and in teams, through modern learning strategies. It works by deploying connected, interactive, social settings that allow learners to excel in competitive, strategic situations. It allows trainees to apply what they know to simulated environments or “worlds,” creating a natural “flow” that keeps them engaged and focused. And we’re not talking about simple Capture the Flag games, we’re referring to cybersecurity exercises inspired by game-like activities to effectively engage learners.

According to Training Industry, gamified training programs are customizable based on an organization’s needs; visually-driven through use of progress bars and milestones; and are usually time-bound to hold employees accountable for task completion. Further, achievements, points, badges, trophies, and rewards/recognition of progress gives users a sense of accomplishment, keeping them motivated and engaged. 

Why is gamification powerful?  

The next gen learner (born after 1980) has never known a world without video games so it’s a natural progression that cyber training incorporate a style of teaching that best suits today’s learner. Neuroscientist Eric Marr said the reason it works so well is because when an individual engages with gamified simulations, the brain releases dopamine, a chemical that plays a role in the motivational component of reward-driven behavior. He says “Dopamine helps activate the learning centers in the brain. If your brain releases dopamine while you’re learning something, it helps you remember what you’ve learned at a later date.”  

Studies like “I Play at Work: Ten Principles for Transforming Work Processes Through Gamification” outline the following benefits:  

  • Increased engagement, sense of control and self-efficacy   
  • Adoption of new initiatives  
  • Increased satisfaction with internal communication  
  • Development of personal and organizational capabilities and resources   
  • Increased personal satisfaction and employee retention   
  • Enhanced productivity, monitoring and decision making    

 

At Circadence®, we have taken these learnings and applied them to our own flagship product, our cybersecurity training platform Project Ares®. Recognizing the widening cyber skills gap and evolving threats, only the most productive and effective training mechanisms will do—and the latest research tells us that gamified environments are here to stay. An immersive training platform, Project Ares appeals to today’s learner—and gets CISOs and their colleagues excited about training again. In contrast to passive, traditional instructor-led courses, gamification provides an active, continuous learning, people-centric approach to cybersecurity skills development.   

For a more in-depth look at the Importance of Gamification in Cybersecurity, download our white paper here.