Top Tax Season Scams and How to Avoid Them

Doing taxes can be stressful enough without worrying that your sensitive information may fall into the wrong hands. With more and more taxpayers doing their taxes online, having awareness of potential threats is the first step in practicing cyber safety this tax season. Here are 4 of the most popular tax scams used by hackers each year to be on the lookout for:

 

  1. Tax Refund Fraud – This scam involves and filing false returns with them. They will typically claim a low income with high deductions and will file electronically. When a taxpayer goes to legitimately file their return, it is rejected by the IRS because someone else already filed under that identity. To prevent this, one can request an Identity protection PIN from the IRS before filing. This is a six-digit pin that must be used on a tax return in addition to an SSN in order to verify the identity of the taxpayer.

 

  1. W-2 Email Phishing Scam – Some hackers choose to go straight to the source for private information: employers. Cyber criminals have been known to trick major companies into turning over copies of W-2 forms for their employees. This is actually a CEO imposter scam, where a criminal pretends to be a top company employee and asks payroll or human resources for sensitive information. This information is then used to file bogus returns or is sold online to other criminals.

 

  1. IRS Phone Scam – Scammers make calls claiming they are with the IRS, acting as though a tax bill is owed that one must pay immediately or be arrested. They use common names to identify themselves and fake IRS badge numbers to appear legitimate, send fake emails to support their verbal phone claims, and they will usually call again claiming to be the police department or the DMV in an attempt to extort additional funds. Yikes! One thing to note: the IRS will NEVER call an individual. They send official notices in the mail, but if the IRS pops up on the caller ID, don’t answer.

 

  1. Canceling Your SSN – Criminals are making calls and threatening to suspend or cancel your Social Security numberuntil overdue taxes are paid. The scam may seem legitimate because the caller has personal information, including the last four digits of your SSN. If someone calls and threatens to cancel or suspend your social security number, hang up immediately. If they call back, don’t answer. Write down the number and then report the call on this site, and send an email with the subject of “IRS Phone Scam” to phishing@irs.gov and include the phone number, as well as any other details that are relevant, in the body of the email.

With more taxes processed online and scammers always thinking one step ahead, it’s important for every employee receiving their W-2s to have cyber awareness training. Understanding the risks that are out there help people to feel more empowered to thwart them when handling personal online transactions.

Combatting Tax Scams with inCyt

Circadence is here to help. Our newest product, inCyt, is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. inCyt’s progressive, inventive cyber learning program teaches cybersecurity awareness through games and interactivity with colorful characters and friendly competition. Lessons are embedded in the gameplay, so players learn cybersecurity basics as soon as they engage with the program. Players start learning basic cybersecurity topics including email security and best practices for software updates before venturing to understand more nuanced concepts about social media, insider threats, ransomware and more. inCyt will be available in Spring 2020.

Empower your employees with persistent, hands-on cyber training. To learn more visit: https://www.circadence.com/products/inCyt

inCyt: Bring the Power of Cyber Safety to your Whole Organization 

What is at the core of cyber? Is it computer chips? Monitors? Servers? Cyber wouldn’t be where it is today, or at all, without: humans. Understanding what it takes to keep your organization cyber safe starts and ends with the human element. As the only constant in the world of cyber, professionals need to practice awareness and continued training in order to defend against looming threats. 

Circadence is excited to announce our newest product, inCyt. inCyt is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. We believe that in order to prevent cyber attacks, cyber security must be woven into the very fabric of company culture. This platform will allow your entire organization, from Roger at the reception desk to Sally in the sales departmenteveryone needs to persistently practice awareness to gain a deeper understanding of cyber safe practices. 

 

Did you know: 

  • 52% of businesses say that employees are their biggest weakness in IT security, with careless actions increasing overall risk. 

 

To address these trends, we will be demo-ing inCyt live at this year’s RSA Conference in San Francisco, where the theme is The Human Element. 

Prior to showing off this exciting platform’s capabilities live, we will be hosting a webinar, inCyt: Inside the Human Element of Cyber, on February 18thRegister today to get a first look at this new technology and see how inCyt can help take your organization’s cyber readiness to the next level through games! 

Living Our Mission: Building a Roadmap to Bring Product Vision to Reality with Circadence’s Raj Kutty

This installment of the “Living our Mission” blog series features Circadence’s Rajani “Raj” Kutty, Senior Product Manager.  

Raj is fascinated by technology’s evolution in the marketplace and that interest has informed her career path toward success. She achieved her masters degree in computer science from University of Pennsylvania in 2003. From there, she spent 15-16 years in the tech industry and has always been interested in the everchanging advancements in technology. Her tech background consists of Java programming, business analysis and product management. In the beginning of her career, she worked on mobile app designs, web app development, and programming for various industries including finance, insurance, retail, and more. For the last 10 years, she’s moved into the direction of product management. Her shift into this area began because she enjoys building a roadmap for product development and seeing it through the various stages from identifying a problem in the market, and creating a product that solves pain points for customers. Her experience working with many different industries provides an advantage to Circadence since she has a first-hand understanding of why these businesses can benefit from additional cyber security training to protect company assets.

Raj started at Circadence about 7 months ago and was immediately captivated by the concept of cyber readiness and the security industry as a whole. Throughout her profession, she noticed a growing issue many companies faced: a lack of cyber security awareness and training. Over the years, she heard a lot about the cyber workforce shortage and knew the first step to creating a solution for this problem was to get the user engaged with the right type of training. In her mind, if the user is engaged in training, then it would result in better cyber defense for the organization. Her previous work experience, thoughts about cyber security readiness and ideas around engaged training were validated when she heard what Circadence was doing to help companies be “cyber ready” using gamified learning platforms. In the past, training would consist of a video, classroom lecture or reading textbooks- something dry and boring, she said. Raj felt Circadence offered a unique solution to get people interested in cyber security, which could lead to more strategic cyber defense performance and possibly minimize the cyber workforce gap.

“Training has to be fun and interesting to the user, while still being effective. I feel like Circadence is offering this to the cyber workforce in a game-play mode, which is more engaging for the user.”

Day to day, Raj works with different departments and team members at Circadence developing product strategy and bringing a product roadmap to life. Her knowledge across many industries helps ensure our products meet the needs of different organizations, while still maintaining in-depth cyber training and ease-of-use for the customer. Much like planning a road trip, which requires knowledge of route to destination, Raj leads her team every day by investigating and communicating strategy and plans to determine where they need to go next to bring the product to market.

Her main focus over the last couple months has been a new portal Circadence is developing called CyberBridge. CyberBridge is the entry point at which users can access all Circadence cyber learning platforms including Project Ares®, inCyt®, Orion® and more. It’s a global SaaS platform that offers different types of cyber training content for different markets.

“I love that I get to help design a product that addresses the cyber challenges across different industries and the ability to provide a readiness solution pertinent to each sector’s security pain points.”

The products Raj helps map to market fulfills her goal of bringing much-needed cyber awareness and training solutions to everyone and every business. Her perspective: With every tech integration, Bluetooth connection, and device-to-device communication we implement to make our working lives easier, we inherently increase our cyber risk as our attack surface widens. There are no signs of a slowing tech usage, hence why the importance of cyber awareness continues to grow each day. When we talk about how businesses need to protect themselves, we’re really talking about the people of a business, since people are what make up a company. In today’s world of escalating cyber threats, it’s everyone’s responsibly to gain cyber awareness to protect a company.

“Cybersecurity is like community immunity, when everyone gets vaccinated, we are improving and protecting our greater community, and cyber security works the same way.”

Photo by John Lockwood on Unsplash

Photo by Bogdan Karlenko on Unsplash

Human Resources Takes on Cyber Readiness: How to Mitigate Cyber Risks with Security Awareness Training

Every year hackers come out of the woodwork to target various companies, specifically around the holiday season. In fact, cyber attacks are estimated to increase by as much as 50 – 60% over the holidays. With staff often spread thin and consumers taking advantage of online shopping and banking for added convenience, the timing is perfect for HR professionals to stay vigilant with how they onboard new employees with cyber education while encouraging good cyber hygiene among existing colleagues. Understanding the risks employees come across while online, how to train them to detect and mitigate these risks, and how you as an HR manager can ensure continued efforts to harden security posture will make you a cyber safety hero this holiday season!

While IT and cyber professionals are primarily responsible for securing a company’s networks and ensuring teams are up to snuff, the reality is that cyber risk extends beyond what occurs in the server room. Human error continues to be one of the top reasons cyber attacks are successful. This means that not only do security teams need to be trained, but cyber training across every department, with every employee who works on a computer, is essential to obtain and maintain good cyber hygiene across the company. If every employee in your organization understands how their actions can impact overall company security, more personal responsibility will be taken to maintain cyber safety.

Don’t fret! HR professionals need not be masters in cyber security. There are great tools out there to help anyone learn the basics and be able to share their foundational learning with others. So, what are some of the things you can learn and train employees on to mitigate attacks?

  • Phishing emails – With inboxes flooded daily, it can be hard to spot potential threats in emails. Hackers send targeted emails that may address a work-related matter from a co-worker or manager. One click on the wrong email, and you could be infecting your business device with malware. It is important every employee understand what suspicious emails “look” like and how to avoid nefarious click bait.
  • Using company devices for personal work – It’s an easy thing to do – grab a work device off the counter and start online shopping, emailing friends and family, or finally getting around to baking that chocolate chip cookie recipe from Martha Stewart. However, accessing un-secured sites and opening personal, and potentially phishing, emails on a work computer puts companies at risk. As an HR manager, you must recognize this common occurrence and be able to speak to it with your staff. If a hacker is able to gain access to a business computer through an employee’s personal use, they gain access to all of the company information on that employee’s device as well.
  • Using personal devices to conduct business – The same can be said for using personal devices to conduct business. It can be difficult to “turn off” after work hours and many employees answer some work emails on their cell phone, or load a work document on his/her personal tablet or laptop. When company staff access potentially sensitive business documents on their personal device, they risk leaking that information to a hacker. To prevent attacks company-wide, HR pros must be aware of how often this type of behavior occurs and work closely with their IT department to learn how company networks are secured when remote access is granted to employees outside of home and work IP addresses.

HR managers: Spread good cyber hygiene!

Security awareness training is becoming increasingly prevalent at companies that know what it takes to have good cyber hygiene. According to a recent report by Infosec, about 53% of U.S companies have some form of security awareness training in place. While this is still barely over half, it’s a start. So what can you do to rank among companies leading the charge in cyber security?

  • Offer continuous training – Cyber security awareness training is not a “one and done” event. This kind of training should continue throughout the year, at all levels of an organization, and be specific to different job roles within the company. Technology is always changing, which means the threatscape is too. When you are battling a constantly shifting enemy, your employees need to be vigilantly trained to understand each shift.
  • Perform “live fire” training exercisesLive fire exercises (LFX) happen when users undergo a simulated cyber attack specific to their job or industry. One example is having your IT department send out a phishing email. See how many people click on it and show them how easily they could have been hacked. This data can be used to show progress, tailor problem areas, and train to specific threats as needed.
  • Stress the importance of security at work and at home – Showing employees the benefit of cyber awareness in the workplace translates to awareness at home as well. Help prospective and existing employees gain a wide breadth of understanding about cyber best practices by making learning approachable instead of unattainable or intimidating.
  • Reward good cyber hygiene – Reward employees who find malicious emails or other threats with your company’s IT team and share success stories of how employees helped thwart security issues with vigilant “eyes” on suspicious activity. Equally, it is important to also empathize with employees who make mistakes and give them the tools to learn from their mistakes. Many employees receive hundreds of emails each day, and while training tips and education are helpful tools, it is not a perfect solution.

Training employees to be cyber aware can be difficult unless a structured program and management strategy is in place. We’re here to help! Circadence’s security awareness platform, inCyt, is coming soon! inCyt allows employees to compete in cyber-themed battles and empowers them to understand professional and personal cyber responsibility. By cultivating safe cyber practices in virtual environments, HR managers can increase security awareness and reduce risks to the business.

To learn more and stay in the know for upcoming product launches, visit www.circadence.com

Photo by Austin Distel on Unsplash

Photo by Alex Kotliarskyi on Unsplash

Living our Mission: Project Ares Takes Full Flight with Cloud-Native Architecture

According to CIO magazine, about 96% of organizations use cloud services in one way or another. In partnership with Microsoft, we are proud to announce that Circadence has redesigned its Project Ares cyber learning platform to fully leverage a cloud-native design on Microsoft Azure.  This new, flexible architecture improves cyber training to be even more customized, scalable, accessible, and relevant for today’s professionals.

This transition to cloud infrastructure will yield immediate impacts to our current customers.

  • Increased speeds to launch cyber learning battle rooms and missions
  • Greater ability to onboard more trainees to the system from virtually any location
  • More access to cyber training content that suits their security needs and professional development interests

Proven success at Microsoft Ignite

At the recent Microsoft Ignite conference (November 2019), more than 500 security professionals had the opportunity to use the enhanced platform.  Conference participants set up CyberBridge accounts and then played customized battle rooms in Project Ares. Microsoft cloud-based Azure security solutions were integrated into the cloud-based cyber range to provide an immersive “cloud-in-cloud” sandboxed learning experience that realistically aligned to phases of a ransomware attack.  The new version of Project Ares sustained weeklong intensive usage while delivering on performance. 

So what’s new in the new and improved Project Ares?

Curriculum Access Controls for Tailored Cyber Learning

One of the biggest enhancements for Project Ares clients is that they can now control permissions for  training exercises and solution access at the user level. Customer Administrators will use the new CyberBridge management portal to tailor access to Circadence training exercises for individual users or groups of users.

Single-sign-on through CyberBridge enables the alignment of training exercises to individuals based on their unique learning requirements including:

  • Cyber skill-building exercises and complex missions within Project Ares for cyber professionals
  • Cyber foundation learning with Cyber Essentials tools for the IT team
  • Security awareness training with inCyt for general staff

Cyber Essential learning tools and the inCyt game for security awareness will be added to CyberBridge over the next several months. With the capability to pre-select training activities reflective of a company’s overall security strategy, enterprise security managers can call the shots.

“As the administrator, you now choose what curriculum content your team should have. “This provides more flexibility in cyber training for our customers in terms of what they can expose to their teams.” ~ Rajani Kutty, Senior Product Manager for CyberBridge at Circadence.

Greater Scalability and Performance in Cyber Training

With a cloud-native architecture design, Project Ares can support more simultaneous users on the platform than ever before. Project Ares can now handle over 1,000 concurrent users, a significant improvement over historical capacity of 200-250 concurrent users on the platform.  The combination of  content access control at the group or individual level and the increased scalability of Project Ares creates a solution that effectively spins up cyber ranges with built-in learning exercises for teams and enterprises of any size.  Additionally, this means that no matter where a cyber learner is geographically, they can log on to Project Ares and access training quickly. We see this as similar to the scalability and accessibility of any large global content provider (e.g. Netflix)—in that users who have accounts can log in virtually anywhere in the world at multiple times and access their accounts.

Now that Project Ares can support a greater volume of users on the platform, activities like hosting cyber competitions and events for experts and aspiring security professionals can be done on-demand and at scale.

“We can train more people in cyber than ever before and that is so impactful when we remember the industry’s challenges in workforce gaps and skills deficiencies.” ~ Paul Ellis, Project Ares Senior Product Manager at Circadence

The previous design of Project Ares required placing users in “enclaves” or groups when they signed on to the system to ensure the content within could be loaded quickly without delay. Now, everyone can sign in at any time and have access to learning without loading delays. It doesn’t even matter if multiple people are accessing the same mission or battle room at the same time. Their individual experience loading and playing the exercise won’t be compromised because of increased user activity.

Other performance improvements made to this version of Project Ares include:

  • Quicker download speeds of cyber exercises
  • Use of less memory on user’s computers, and resulting longer battery life for users, thanks to lower CPU utilization.
  • These behind-the-scenes improvements mean that training can happen quicker and learning, faster.

New Cyber Training Content

One new Mission and three new Battle Rooms will be deployed throughout the next few months on this new version of Project Ares.

  • Mission 15, Operation Raging Mammoth, showcases how to protect against an Election attack
  • Battle Rooms 19 and 20 feature Splunk Enterprise installation, configuration, and fundamentals
  • Battle Room 21 teaches Powershell cmdlet (pronounced command-lets) basics

Mission 15 has been developed from many discussions about 2020 election security given past reports of Russian hacktivist groups interfering with the 2016 U.S. election.  In Operation Raging Mammoth, users are tasked to monitor voting-related systems. In order to identify anomalies, players must first establish a baseline of normal activity and configurations. Any changes to administrator access or attempt to modify voter registration information must be quickly detected and reported to authorities. Like all Project Ares Missions, the exercise aligns with NIST/NICE work roles, specifically Cyber Defense Analyst, Cyber Defense Incident Responder, Threat/Warning analyst.

Battle Rooms 19 and 20 focuses on using Splunk software to assist IT and security teams to get the most out of their security tools by enabling log aggregation of event data from across an environment into a single repository of critical security insights. Teaching cyber pros how to configure and use this tool helps them identify issues faster so they can resolve them more efficiently to stop threats and attacks.

Battle Room 21 teaches cmdlet lightweight commands used in PowerShell.  PowerShell is a command-line (CLI) scripting language developed by Microsoft to simplify automation and configuration management, consisting of a command-line shell and associated scripting language. With PowerShell, network analysts can obtain all the information they need to solve problems they detect in an environment. Microsoft notes that PowerShell also makes learning other programming languages like C# easier.

Embracing Cloud Capabilities for Continual Cyber Training

Circadence embraces all the capabilities the cloud provides and is pleased to launch the latest version of Project Ares that furthers our vision to provide sustainable, scalable, adaptable cyber training and learning opportunities to professionals so they can combat evolving threats in their workplace and in their personal lives.

As this upward trend in cloud utilization becomes ever-more prevalent, security teams of all sizes need to adapt their strategies to acknowledge the adoption of the cloud and train persistently in Project Ares. You can bet that as more people convene in the cloud, malicious hackers are not far behind them, looking for ways to exploit it. By continually innovating in Project Ares, we hope professionals all over the globe can better manage their networks in the cloud and protect them from attackers.

Rethinking cyber learning—consider gamification

This post originally appeared on Microsoft’s Security Blog, authored by Mark McIntyre, Executive Security Advisor, Enterprise Cybersecurity Group

Living Our Mission: Embracing the Art of Gamification with Hector Robles, Lead Game Designer at Circadence

If there’s anyone who truly embodies the art of gamification, Hector Robles name just might top that list. As a lead game designer at Circadence, Hector works closely with the company’s content and curriculum departments to take complex cyber concepts and learning paths and artistically weaving them into fun cyber games that make learning desirable.

Hector has more than nine years of professional experience in the game design and cyber security/tech space, but his career wasn’t always rooted in making games for companies. In fact, after graduating from high school, Hector proudly served in the U.S. Army, as a military police officer. It was there he gained an understanding of and appreciation for the importance of security as a whole. Hector saw firsthand how proliferating technology impacted both civilian security and military security operations. After his service, Hector followed his interest and passion for game design by attending the Miami International University of Art and Design and graduating with a degree in game design. Then, he began working with media conglomerates and startup companies as a designer, producer, and artist.

But something was missing. While Hector was accumulating an impressive portfolio of entertainment game design work, he sought something more meaningful—a way to apply his skills in game design to help others. It was then he learned about Circadence and joined the game development team alongside colleagues Kari Sershon, Ronaldo Periera and Jose Velazquez.

Hector has worked on Circadence’s flagship platform Project Ares, specifically the cyber learning games embedded within it. The cyber learning games that Hector has designed will also soon become a part of the CyberBridge Essentials learning hub for wider customer access. Hector’s work can be seen most poignantly in Circadence’s new 2019 game, RegExile, which teaches players how to do regular expression coding work. RegExile helps players learn the syntax of regular expressions so they can efficiently parse through the data in search of evidence of a breach. It is a fast-paced pattern-recognition game that teaches the concepts of regular expression while exercising player’s muscle memory and reaction time. The game challenges players to form the correct expression to select or exclude data while immersing them in a futuristic “save the world” scenario filled with human-destroying robots. Players must recognize patterns in the names and type proper RegEx techniques to eliminate robots before they destroy the colony.

For Hector, designing games like this is fulfilling. “It’s a completely different beast from entertainment game design. It’s meaningful to take complex cyber concepts and turn them into fun, interactive, easily-digestible material for players—whether it’s people just starting out in cyber security or seasoned professionals looking to brush up on skills,” Hector says.

Hector typically approaches new game development by first thinking about how to make a certain concept or task in cyber “fun.” He does a lot of game research to come up with ideas of new game play designs and layouts. The research, which may include playing a game of Dungeons and Dragons to get the cognitive juices flowing, playing an arcade style game to think of narrative storylines and actions, or even breaking out a board game with friends, sparks Hector’s imagination and creativity. Once he has an idea of what kind of game he wants to create to teach the cyber concept that the Circadence Curriculum team has outlined, he develops a one-page pitch for stakeholders that presents his ideas cohesively, including details on game objectives, purpose, and technical specifications. After approval, the fun begins! Hector and his team start prototyping features and components of the game to make the ideas on paper become reality. For RegExile, he planned out the movement of the robots in the game by moving game board pieces around to capture an authentic “in game” feeling for the player.

“I try to always think about what games are out there and how we can make our games truly unique,” says Hector. “We’re constantly thinking about things like accessibility, narrative, and pacing to ensure our games aren’t just entertaining, but that people are really learning from them,” he adds.

Hector is also working on augmented reality and virtual reality card games where players can learn cyber security concepts in industry-specific settings like oil rigs and power plants to further engage one’s understanding of different cyber threats and defense tactics in the cyber kill chain. Users will eventually be able to use physical playing cards to learn things like ports and protocols too. Stay tuned for more on that!

While some may view Hector’s work as all fun and games, it does have a meaningful component that many end-users don’t think about at first. When someone logs onto a game, they are presented with audio/visual and text-based cues to inspire their behavior or ignite an action. Those cues are what allow a player to understand how to engage and act in a game setting, so they are not confused as to what to do or how to do something. Hector’s work takes the guessing out of game play for Circadence’s products. Players who engage with a cyber learning game like RegExile know immediately how to play the game and what the objective is without having to jump through hurdles or be confused at where to start. Thank Hector and his team for that!

“When they get to the platform, they know what to do, the basics of the tool, and more of the narrative and understanding of how they’ll engage with it,” said Hector. “It’s the components we build into the game that allow them to feel empowered when they hit “play” to start,” he adds.

It’s Hector’s team’s expertise behind the coding work, gamification elements, and user interface that comes together to create the best user experience for the player. The art of gamification not only engages and entertains, but it inspires, teaches, and instills cyber knowledge in the minds of players who want to grow in cyber competency and skill.

“Seeing someone’s face light up when they play our games brings a smile to my face,” says Hector. “At first they’re hesitant but then they start playing and there is a moment of clarity that washes over their face that makes the time and energy put into our games all worth it.”

Hector believes the best way to learn is by playing games. That’s what ‘living our mission’ at Circadence is all about. The power of games can cement cyber concepts and we look forward to seeing what Hector and his team whip up next to keep professionals and first-time cyber learners coming back for more knowledge and skill building.

Nichols College Students Spearhead Cyber Security Education for the Entire Campus 

Policy makers are now prioritizing data security over talent, efficiency and controlling costs. As students growing up and being educated in the digital age, we are just starting to understand the importance of cyber security to individuals and their companies. Taking part in a Research Associate Internship on campus at Nichols College, our eyes have been opened to the vast number of threats we face on a daily basis.

Oracle conducted a study titled “Security in the Age of Artificial Intelligence,” where 341 C-Suite executives and 110 policy makers were asked of their plans to improve their company’s security in the next two years. The top answer from this sample was to train existing staff. Human error poses the greatest risk to these companies (Oracle). In order to mitigate this risk, it is imperative to understand the opportunity cost of training employees on the importance of cybersecurity. Prioritizing training would prevent small mistakes, potentially costing a company much more in the long run.

A Nichols College Associate Professor of Accounting and Finance, Bryant Richards, noticed a gap in cyber security education, wanting to bring cyber to campus in a big way, stating “As cyber risks have become ubiquitous throughout the industry, it is our responsibility to provide some degree of cyber literacy to our business students. We must train our accounting students to be data and technology professionals who understand accounting. The realistic and experiential nature of Project Ares matches how our students learn and provides a transformative learning experience.” Richards along with the two of us, helped Nichols partner with Circadence to complete a three-month pilot program of their gamified cybersecurity learning platform Project Ares.

What We Found: Circadence did a great job with Project Ares, with an appealing, gamified user interface that sucks you in and is easy to use. As a student with no technical experience in the cybersecurity field, Project Ares proved to be both engaging and challenging. It provided an abundance of resources through its Media Center and Mini Games. Users can obtain a base layer of knowledge, progressing into education on concepts like the Cyber Kill Chain and how hackers utilize it. The interactive Battle Rooms provide real-life, technical lab environments where users can spin up virtual machines, explore real-world tools, build their confidence, and hone their skills.

What We Learned: You do not have to be a professional hacker to steal someone else’s information or gain access to their computer. Understanding the code is no longer enough; this is much more than an individual problem. If your own device is compromised, the hacker can steal your personal information, and steal information from your employer and worse. This harsh reality surprised us when we first commenced our research. From clicking a wrong link in an email, to accidentally tapping an advertisement banner on your phone; these small errors can seem harmless but are really detrimental to your overall security.

The gamification of cybersecurity training has allowed those of us with no prior knowledge, a chance to get a leg up. With increased demand to train existing staff, new training approaches must be made for the next generation of cybersecurity specialists. Gamifying the process made it easily digestible, directly benefitting any potential company or individual.

The first step in becoming educated on cybersecurity is understanding that there are threats present in our everyday lives. In the words of the man who gave us our initial walkthrough of Project Ares, Brad Wolfenden compared cybersecurity to buying a gallon of milk, saying:

“I believe that part of the disconnect around cybersecurity best practices comes from the assumptions we make as consumers in general – that what we’re buying is designed and sold with our best interests, and security, in mind … The food you buy and eat is certified by the Food & Drug Administration to indicate it has been safely grown/ raised and suitable for human consumption. When making technology purchases, we cannot take these same conveniences for granted.”

It is everyone’s ‘job’ to maintain high ethical standards and awareness when operating on the Internet nowadays. It is no longer up to one person or pre-installed software to protect your personal information. The more we are educated on the basic underlying principles of cybersecurity, the safer we will all be.

References

Oracle. “SECURITY IN THE AGE OF AI .” Oracle, 2018, www.oracle.com/a/ocom/docs/data-security-report.pdf.

Wolfenden, Brad. “A Rising Tide Lifts All Boats: Celebrating National Cybersecurity Awareness Month.” Circadence, 30 Oct. 2018, www.circadence.com/national-cybersecurity-awareness-month/.

*Students R.J. LeBrun & Lorenzo Secola guest authored this blog post as part of their Research Associate Internship at Nichols College