A fun and unique game that teaches cybersecurity to management so they know about cybercrime before it actually happens to them.
Mother Teresa once said “We the willing, led by the unknowing, are doing the impossible for the ungrateful. We have done so much, with so little, for so long, we are now qualified to do anything with nothing“. I bet that is how a large number of digital Security based personnel feel all of the time. It is harder, convincing a CEO / CIO / board members / management teams that they need to spend money on digital protection and projects than you can fly to the moon by flapping your arms.
If internal people,(IT managers), have trouble selling this point, external providers have an even bigger problem. The attitude that External cybersecurity providers are only trying to fill their sales quotas is rampant in the industry. At least that is the perception. In reality, a large number of cybersecurity and technical companies are truly trying to get you to protect your organisation from a devastating cyber-attack. They know what the bad guys are after and what the organisation needs to do to protect itself.
Internal digital cybersecurity personnel of large Organisations are trying to protect the data and information held within the business. Most of the time they are considered scaremongers. The constant barrage of
- It won’t happen to me,
- We are too small to be a target and
- We have nothing worth stealing
is just what the cyber criminals need to hear. The management team and board members fail to listen to the warnings and signs that the internal experts bring to the table. That is until it is too late.
The Internal digital security people are the first to front the firing squad because that was their job. The fact that they were working with outdated technology, ill-informed and uninformed management teams and working with underfunded budgets is not the reason – they should have protected the organisation.
The threat landscape is constantly changing. The more technology that is deployed within an organisation to improve data access or convenience of use, the less security is considered as a business driver. With the addition of shadow IT, data protection should be a full time job for most businesses, but it is not.
What would speed up the process of understanding that cybercrime is a major problem?
Well I have an idea.
Play a game.
Gameplay has always had the desired effect when it comes to teaching people solutions to complex problems. Me, I have been a gamer long before computers and consoles became the norm, and I have reverted to my younger days.
When it comes to playing a board game to teach management what “could happen if they had a breach”? is that a good idea? I think so! Getting through the noise of “what play a game” is also difficult, not to the same level as actually seeing cybercrime as a bono fide threat to the business and a risk to the organisation, but still difficult.
The biggest response we get is “I don’t have time to play a game, I have more important things to do”. So 20 minutes on Facebook is more important? Not when Facebook could be the agent for getting into your organisation!
Just like other components of the business, priorities are distorted, but only up till it has happened – you know horses and barn door type of thing. Only after the blackmail email, or the crypto locked PC or the ecommerce web site has crashed is there a concerted effort to look at the issues of cyber security. In addition to an opening of the cheque books. This would all be happening in parallel with the large collective covering the arse that is also going on.
When it comes to these sort of problems eastern society has it right – fix the problem before assigning blame. Fixing the problem in this case involves a large education process so that it will not happen again. Once again, a game can educate management to a level where they are confident in what their own people are doing is correct.
Role playing for fun and profit has been around for a while now. It is used in sales and marketing all the way through to Psychologists in today’s world and have been used in those areas since the 1920’s. This has nothing to do with – playing a game is stupid, playing a game is childish, I will learn nothing from a game.
So why not play the game that teaches you the basics of cybersecurity, without you losing your shirt.
Go to Kickstarter to donate