While National Cybersecurity Awareness Month and Critical Infrastructure Security and Resilience Month are important moments in time to direct our attention to cybersecurity challenges, the reality is we need more than two months of cyber conversation. We need a continuing, year-round dialog about why cybersecurity matters. It’s important to weigh the combination of people, process and technology to drive an always-alert cybersecurity initiative and improve our effectiveness in stopping threats of all types.


Laura Lee

For those who run a business or government office, continuous cybersecurity learning opportunities for every employee from the CEO to the receptionist is a critical requirement in the wake of today’s imminent and complex threat landscape. Billions of people were affected by data breaches and cyberattacks in 2018 alone – more than 765 million people between April, May and June, according to USA Today. Each successful breach reveals a better, faster, more incognito way to exploit information for reputational or monetary gain. The evolving pace of attacks requires adaptive employee cyber learning in order to stay protected and safe.

At a minimum, organizations should consider the following cybersecurity strategies to keep pace with imminent threats:

1. Model their security strategy with the NIST Cybersecurity Framework in mind.
2. Integrate cybersecurity into the overall business risk plan to gain buy-in from the C-Suite and achieve alignment between business and security activities.
3. Create security action and contingency plans to balance people, best practices, training and technology.
4. Invest in cyber-range learning environments to test employees’ skills on current cybersecurity threats.
5. Leverage gamification in cybersecurity learning efforts to introduce a sense of competition and rewards for front line employees.

But how can organizations keep every employee cybersecurity-aware, learning lessons and following policies?

Gamification is the natural, logical step in training the next-gen learner, who has never known a world without video games. Gamification, originally coined in 2002 by a British computer programmer named Nick Pelling, is often defined as the process of adding games or game-like elements to something. Unlike compliance-driven teaching methods, gamified teaching engages practitioners individually and in teams, through modern learning strategies.

It works by deploying connected, interactive, social settings that allow learners to excel in competitive, strategic situations. Further, it enables learners to apply what they know to simulated cyber range environments or “virtual worlds,” creating a natural flow that keeps learners engaged and focused. Organizations that offer gamified cybersecurity exercises to teams report that 96 percent of workers see benefits, including increased awareness of weaknesses, knowledge of how breaches occur, improved teamwork and response times and enhanced self-efficacy.

Using gamification rewards employees and encourages positive interactions. It helps workers communicate better in handling network security and protecting critical data.

How do you know if gamification training for cybersecurity is working? Measure it via audits. Perhaps split teams in two – one trained via gaming techniques and one more traditionally. Audit their work with common criteria. Which team responds to network threats better?

Remember, every month is cybersecurity awareness month. The same rule applies to awareness for critical infrastructure security.  Keep your guard up always. Keep learning. Keep growing.

Laura Lee is the executive vice president of rapid prototyping for Circadence Corporation