Do you want to play a cybersecurity game?

How to create engaging cybersecurity awareness training in the corporate environment


I’m sure that many of you remember the movie "Wargames," the popular Cold War science fiction film in which a young hacker unwittingly accesses WOPR, a United States military supercomputer programmed to predict possible outcomes of nuclear war. In the movie, the hacker (Matthew Broderick) gets a military mainframe computer to run a nuclear war simulation, originally believing it to be a computer game. The simulation causes a national nuclear missile scare and nearly starts World War III. 

Well true to form, many of the things I see in the movies are  just a clear indication of things yet to become reality, such as phasers, teleporters, warp speed, photon bombs, and most recently, magnetic pulse bombs.  This missile has the capacity to permanently disable information technology resources, which in my opinion, will be the "weapon of choice" as our defense systems are highly dependent the use of the global information grid. This type of technology is a game changer that clearly points out that information technology is essential to our national security, and those that can disrupt it can gain a significant advantage as an adversary.

Similarly, I am seeing a viral rise in publicly available malicious software tools that can be downloaded from the internet that can create disruptions by flooding a site with traffic otherwise known as a distributed denial of service attack or DDoS.  An example of this is known as the Low Orbit Ion Cannon, which if launched from multiple sites, can bring down a network that does not have the appropriate filters and firewall configurations in place.

About a year ago, I visited one of our clients who is the security director of a large defense contractor. When I was invited to his office, I thought that I had inadvertently taken a wrong turn and ended up in a snack bar.  There was a long bookshelf with pre-packaged snacks everything from chips, candy, gum, popcorn, candy bars, mints, pretzels. After seeing this, my first inclination was to get a grab bag of goodies and take them over to my work area.  As I decided that the pretzels were my choice and when I asked for a bag he said, of course, but you have to answer a security question first. 

If organizations were to demystify cybersecurity and create engaging security awareness training in a non-threating and non-challenging environment, end-users would feel less threatened to ask questions, have open dialogue and increase their knowledge of how to protect online identities, as well as corporate information.  I think that game developers should create corporate games such as capture the flag, tag, dodge ball, and model games such as "Jeopardy," "Are You Smarter Than a 5th Grader," and my favorite show "Deal or no Deal" with a cybersecurity awareness twist.

If anyone is interested, let’s get started.