How gaming can help solve cybersecurity woes




Who would’ve thought a few years ago that in one year, we would see the personal information of all U.S. voters leaked, the Social Security numbers of more than a hundred million people stolen, and the sensitive financial data of hundreds of millions of people exposed by companies that were supposed to protect them? All of that happened in 2017.


2018 will probably be worse, since even more people, organizations, and businesses will go online, a considerable amount of which don’t even know the basics of protecting their digital assets.


The one thing that all online platforms and businesses have in common is cybersecurity woes. Whether you’re running a billion-user-strong social media network or a small e-commerce website, you’ll have to learn about DDoS attacks, cross-site scripting hacks, SQL injection vulnerabilities, insider threats and much more. According to a 2018 survey by PwC, cybersecurity threats are among the top four threats to business growth.


Yet, what’s evident is that traditional approaches have failed to address the growing demand for cybersecurity talent. The industry currently has a zero percent unemployment rate, and according to Cybersecurity Ventures, by 2021, there will be 3.5 million unfilled cybersecurity jobs worldwide. And this is a problem that is becoming exacerbated as more people, organizations and businesses go online.


In this regard, organizations can look to gamification, the process of using game mechanics in a non-game context, for solutions to deal with the growing cybersecurity threats that surround their sensitive assets, their customers and their employees.


Making cybersecurity more fun


One thing’s for sure: Cybersecurity is boring, difficult and cumbersome. Employees often have to go out of their way and put away revered habits to make sure they’re in compliance with a company’s best security practices, such as giving up their favorite cloud storage provider or email service for one that is approved by the organization. Not everyone is willing to make that sacrifice, and that includes high-profile politicians. Consequently, insider threats continue to remain one of the main causes of security incidents.


By gamifying security practices, organizations and companies can provide their employees with incentives to abide by security rules. For instance, employees could receive badges for every tenth or hundredth email they send without triggering a security policy violation warning. Continued compliance with security practices can earn employees rewards such as e-store gift cards or company perks.


Organizations can use scoreboards to add competitiveness to security practices and increase engagement among employees. Long story short, by making cybersecurity fun, organizations can make sure that their employees are compensated for their efforts in a quantifiable. But the greatest reward is the collective security that everyone in the organization will benefit from.


In an interview with CSO, Mark Stevens, SVP of Global Services at Digital Guardian, lays out seven reasons that a gamification strategy can help improve organizations’ cybersecurity strategy.


Breaking down the complexity of cybersecurity for executives


Bringing a company’s leadership on the same page with IT and security teams is an even greater challenge than teaching employees to adopt secure practices. Understanding the complex and multifaceted cybersecurity landscape is very difficult and executives often have to decide on issues that are too complicated and technical in nature.


The traditional way of educating the c-suite on cybersecurity is long hours of staring at slides and listening to security jargon, a process best described as “Death by PowerPoint.” But it takes more than memorizing a bunch of technical terms to lay out security strategies and make timely decisions during emergencies.


PwC’s Game of Threats is one of several cybersecurity education programs that takes a different approach, teaching executives cybersecurity through a gaming environment. Participants can take part as hackers or defenders and experience real-life security situations from different perspectives. Attackers learn about the methods, tactics and skills that hackers use to target organizations, while defenders learn to develop defense strategies and become familiar with the technologies and talent required to discover and fend off attacks.


The entire process gives executives a holistic and realistic view of the cybersecurity threat landscape and gets them ready to protect their organizations against modern-world threats.


Finding cybersecurity talent in unlikely places


Currently, applicants for cybersecurity roles must have hard-to-earn certificates such as the much-coveted Certified Information Systems Security Professional (CISSP), which requires years of training and experience. But the talent to fill those security roles exists—we just need to look in the right places.


Again, gaming can be a good medium to find qualified people for unfilled security positions. Capture the Flag (CTF) tournaments, cybersecurity contests in which participants compete to solve security problems or to attack and defend computer systems are a perfect example of how gaming can get more people involved in cybersecurity jobs. With the right experience, anyone can take part in a CTF game and put their cyber-threat fighting skills to display.  


Once a recreational practice for computer geeks, CTF events have become major recruiting pools for cybersecurity talent in recent years. Recruiters from large tech companies attend famous CTF tournaments such as DEF CON to find qualified candidates for their security positions. 


PwC will be hosting a large score-based CTF tournament at this year’s TNW Conference. The hacker — or network manager, or chemist with no IT certification, everyone can join who reaches the highest score in the shortest amount of time, wins the tournament.


Think you can Capture the Flag (and don’t mind winning a free ticket to the TNW Conference)? Then join the Pre-Qualification Challenge before May 21. The 15 best players will be invited to the TNW Conference to compete in an offline challenge on May 24 and 25. 










This post is brought to you by PwC.