How gamification and automation can change your organisation’s cybersecurity stance
Gamification could be the key tool to instil a better cybersecurity posture in your organisation – with gamers potentially representing the next generation of threat hunters.
That is the primary finding from a new report by McAfee which polled 950 cybersecurity managers at organisations with 500 or more employees. The study, titled ‘Winning the Game’, argues popular security competition games, such as capture the flag, make sense from an inter-organisational perspective. Four in 10 companies polled said they already incorporated some kind of exercise once a year, while 96% of those who do use gamification say they have seen its benefits.
The research found gamification raises awareness of cybersecurity at various levels. IT staff were more likely to understand how breaches could occur – cited by 57% of those polled – as well as how to avoid becoming a victim of a breach (49%) and how to best react to it (46%). These benefits are also recognised by management as well as IT staff, a finding the report finds as ‘significant’.
Not surprisingly as a security leader, McAfee practices what it preaches on this issue. The company runs table-top exercises every two weeks and red team exercises each month.
The report assesses how many cybersecurity practitioners are – or were – experienced video game players. As a result, the link between the two is apparent, with logic, persistence, an ability to learn quickly, and an understanding of how to approach adversaries cited. Only 5% of those polled believed gaming offered no skills for a career in cybersecurity.
Automation was also seen as a key aspect to cybersecurity awareness. More than 90% of those polled said they believed threats will grow more complex, with nearly half saying they will struggle to deal with it. As a result, automation – incorporating aspects such as artificial intelligence (AI), freeing up employees to work on more creative activities – is attractive. 30% said the opportunity to work with new technology would be a key factor attracting them to a job.
Tasks which are already being automated in organisations polled include network monitoring – cited by 63% of respondents – threat intelligence correlation (44%) and putting together a unified policy for consistent automated response against threats across the entire IT architecture (36%).
The report concludes with assessing the ‘proven benefits’ of gamification, as well as the importance of these policies for wider company health. “Given the high levels of staff churn at many organisations, it is also more important than ever for senior managers and HR departments to consider alternative methods to plug this cybersecurity skills gap,” the report says. “For example, the research singles out video gamers – even those without a background in cybersecurity – as people who have the right types of skills and a much-needed fresh approach to threat hunting compared to traditional security hires.”
You can read the full report here (pdf).
- » How to engage your employees with AI voice assistants
- » Why C-suite expertise does not always translate to InfoSec awareness
- » VMware boosts Workspace ONE features with greater security and automation
- » Cybersecurity: Four steps CIOs can take to minimise data loss
- » MobileIron expands partnership with Lenovo to include new offering