, , ,

Playing the Cybersecurity Game With IT Controls

Can gaming significantly improve how governments at every level protect their cybersecurity by making their employees more careful about how they use their IT?

According to one cybersecurity expert, the answer might be yes. Arthur Bradway adds that turning security training into a game can help public servants remember tips for keeping their agency’s data safe.

“A big topic lately is gamifying the security training,” Bradway said Wednesday during GovLoop’s virtual summit. “We all like games. We all like to win.”

Bradway is a senior government sales engineer at SolarWinds, a software provider specializing in network, systems and IT management.

Wednesday’s virtual summit focused on how governments can enhance the user experience (UX) they provide citizens.

UX focuses on how customers feel about a product, service or system’s design, usability, value and other qualities.

According to Bradway, many agencies use dull training lectures, presentations and videos that don’t help their employees retain cybersecurity knowledge.

“A lot of these methods aren’t really engaging to the end user,” he said. “You spend all that time to get your users there and they don’t remember anything. By making it more engaging, they’ll retain more of the information.”

Bradway said that creating games can also help agencies establish, teach and enforce IT controls for their workforces.

IT controls consist of the procedures and policies that help ensure that technologies are being used for their intended purposes in a reasonable manner.

Examples of some general controls that are used for essential IT processes include risk and change management, security and disaster recovery.

Bradway noted that when it comes to IT controls, government employees are often unaware of what their agencies expect from them in terms of cybersecurity.

“End users are our weakest links in all of this,” he said. “The majority of them don’t know anything about security. They’re used to being constantly connected anywhere they want on their devices. They just assume they’ll be able to do the same thing at the office.”

Unfortunately, cybersecurity isn’t a concern that governments can take lightly because of the sensitive data they often handle.

Governments that fail to protect their data can lose the trust of their citizens, suffer financial damage and even endanger national security.

Bradway said, however, that gaming can help prevent cybersecurity incidents by teaching public servants about the topic in an entertaining way.

For example, he continued, gaming can educate people about the different cyberthreats currently menacing agencies.

Bradway suggested one game where players assume the role of such cyberthreats as hostile foreign governments to learn how they act.

“When people are playing the role of the bad guy, they realize, ‘Wait, there’s more than one type of bad guy in the world?’” he said. “They realize that there’s more going on and they need to start paying attention to it.”

Bradway also argued that gamifying security training could resonate with public servants – especially younger ones – who are used to playing games on their mobile devices.

“Everyone is so used to doing something on their phones and getting some little reward,” he said. “We know the end users are the problem. A lot of this highlights the trainings, policies and procedures that are in place.”

Stay ahead of the game and pre-register for GovLoop’s free government virtual summits!

Leave a Comment

One Comment

Leave a Reply