How Gamification Can Improve Enterprise Cybersecurity Posture

Using gamification can help improve an organization’s overall security while making security a fun endeavor

Chief information security officers (CISOs) and corporate security teams are tasked with defending their organization and its assets, which contain highly confidential and extremely sensitive data. Now, imagine being responsible for protecting this kind of data every second. The task is especially difficult because threat actors are constantly trying to obtain unauthorized access via leaked employee passwords, misconfigurations in public-facing infrastructure, misclicks on phishing emails or the ever-present problem of software vulnerabilities. This means analyzing hundreds of millions of signals every single second. This is not a human-scale problem.

With this picture in mind, CISOs need to be fully embedded within the business, highly knowledgeable about today’s shifting cybersecurity landscape and able to manage information risks strategically to drive cyber-resilience and best practices across the enterprise.

Leveraging a platform that uses artificial intelligence (AI) and machine learning (ML) to analyze signals and produce real-time, comprehensive and prioritized insights into what needs to be addressed is key to making the CISO organization and the IT teams effective.

Cybersecurity posture management is an overwhelming task that requires participation from all stakeholders in an organization; it cannot be handled comprehensively by CISOs and security teams alone. CISOs and cybersecurity executives should be able to leverage such platforms not only to gain visibility into their risk posture but also to create a culture of shared ownership and accountability that drives cyber-resilience and best practices across the enterprise.

Gamification is an effective strategy for pushing down the ownership of cyber-risk management to employees, also known as risk-owners. It assists CISOs and security teams by tapping risk-owners’ sense of competition, recognition, learning and rewards toward reducing an organization’s overall breach risk. However, gamification is most effective when implemented with a platform that enables CISOs and enterprise security teams to operationalize it through automation and self-learning, with capabilities such as:

  • Observing and analyzing a company’s network traffic and endpoint behavior and identifying risk-owners who can be traced to different instances of risk.
  • Incorporating outdated and incomplete data from a company’s configuration management database (CMDB) and legacy inventory systems with natural language search to identify additional risk-owners and assign assets for which there may be no clear risk-owner.
  • Enabling notifications that allow the CISO and security team to communicate with all risk-owners by using rich context.
  • Allowing the CISO and security team to assign remediation tasks with context to each risk-owner, including different options for mitigating risk.

To ensure engagement, risk-owners will be encouraged to participate through incentives and overall competition. The foundation of effective gamification implementation for any use-case revolves around points and rewards. For instance, risk-owners who complete cybersecurity tasks correctly and in a timely fashion would be awarded points. The AI-powered platform facilitating this gamification would be able to validate the completion of tasks by risk-owners and keep a leaderboard that tallies each risk-owner’s points. Such a platform can also integrate with ticketing systems such as ServiceNow and Jira to carry out task assignments with relevant context.

Companies can monitor this leaderboard and reward risk-owners with monthly, quarterly or even annual recognition and prizes. What employee would not want to participate in cybersecurity posture transformation if there was a chance of winning an all-expenses-paid trip to Hawaii or a bonus in their paycheck? More than 261 data breaches in 2018 (21%) occurred due to human errors such as accidental exposure, according to findings from the Identity Theft Resource Center. Data breaches cost companies an average of $3.92 million, according to the Ponemon Institute, and businesses should recognize employees for doing their part to improve enterprise cybersecurity posture.

When your organization is trying to figure out how it can defend against malicious actors and improve cybersecurity posture, consider gamification as a solution. Gamification of cybersecurity takes the fun of games and applies it to what employees would usually see as a dull task. Implementing gamification with an AI-powered platform will also take a lot of strain off CISOs and security teams so that they can focus on additional threats, and it lets them track the progress of risk-owners to identify those who need more training, along with other internal weaknesses such as reused passwords.

Vinay Sridhara

Dr. Vinay Sridhara has more than a decade of research and development (R&D) experience in wireless communications, security and machine learning (ML). Prior to joining Balbix, Sridhara worked on wireless networking, mobile security and machine learning at Qualcomm Research. While at Qualcomm, he served on several IEEE 802.11 working groups and contributed to several core areas in these standards. Sridhara holds a Ph.D. in ECE and a master’s in CS from USC and the University of Delaware. He has authored several research papers and holds over 100 patents.
