Abstract
Cybersecurity training is a crucial response to a growing number of intrusions and attacks (Nagarajan et al., 2012). Human vulnerabilities account for 80% of total vulnerabilities exploited by attackers (IBM, 2013) yet the focus of cybersecurity in information technology has been on systems tools and technology (Hershberger, 2014). Human vulnerabilities include, but are not limited to, employee negligence, leadership misinformation and limited cybersecurity skills training, malicious insiders, and third parties who have access to an organization’s network. The need to build cybersecurity skills and increase knowledge in the workforce and leadership has become apparent to top corporate decision makers, governmental bodies, and academic researchers (Evans & Reeder, 2010). After the 2013 data breach of Target Corporation, an analysis of the attack concluded that the Target security systems detected the breach but the leadership and employees responsible for taking the steps to respond lacked the necessary skills and knowledge (Hershberger, 2014).
Highlights
Cybersecurity training is a crucial response to a growing number of intrusions and attacks (Nagarajan et al, 2012)
A recent study found that almost 70% of critical infrastructure providers across 13 countries suffered a data breach in 2013, and it was found that 54% of those breaches resulted from employee negligence; the most unexpected finding was that only 6% of these companies provided cybersecurity training for all employees (Unisys, 2014)
In the remainder of the article, we examine the use of gamification to develop employee skills and identify various entrepreneurial perspectives that are relevant to this approach
Summary
Mackenzie Adams and Maged Makramalla “ ” It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles; if you do not know your enemies but do know yourself, you will win one and lose one; if you do not know your enemies nor yourself, you will be imperiled in every single battle. Businesses need to invest in building cybersecurity skills across all levels of the workforce and leadership. This investment can reduce the financial burden on businesses from cyber-attacks and help maintain consumer confidence in their brands. We discuss the use of gamification methods that enable all employees and organizational leaders to play the roles of various types of attackers in an effort to reduce the number of successful attacks due to human vulnerability exploits. We combine two separate streams – gamification and entrepreneurial perspectives – for the purpose of building cybersecurity skills while emphasizing a third stream – attacker types (i.e., their resources, knowledge/skills, and motivation) – to create training scenarios. This article will be of interest to leaders who need to build cybersecurity skills into their workforce cost-effectively; researchers who wish to advance the principles and practices of gamification solutions; and suppliers of solutions to companies that wish to build cybersecurity skills in the workforce and leadership
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
