How many times have you endured a dry-as-dust PowerPoint presentation or clicked through a tired e-learning course only to realize, despite hours of ‘teaching,’ you remember virtually nothing? It’s easy to blame yourself when this happens; you may feel guilty or even harbor doubts about your ability to retain knowledge. Don’t. There’s a good chance that the material simply wasn’t practical, engaging or relevant enough – flaws magnified when you are spoken at, instead of with, in a stale classroom environment.
Now, I am not suggesting school-style learning should be outlawed as it undoubtedly has its merits. But certain subjects, particularly those with a large technical element, demand a more innovative approach. Without doubt, cybersecurity falls into this category – something I first observed while delivering GCHQ’s Cyber Summer School. It was evident that people enjoyed completing practical exercises requiring analytical thinking and problem solving. It was also clear that when people had fun, they learned more.
And increased cyber learning is something every workforce can benefit from. Security is no longer something handled by a select few while others do as they digitally please; it is the responsibility of everyone in an organization. In fact, every employee should have some degree of cyber training, and this is something that kept me thinking during those summer months with GCHQ. To transform a workforce, you first must engage it – and when it comes to cybersecurity, there’s no better way to do this than gamification.
Despite its name, gamification is not strictly about games. It is the act of taking something already in existence – a website or application, for instance – and increasing engagement using game mechanics, such as reward and competition. It works because those mechanics are addictive, yielding excellent results in a learning environment. Typical gamified exercises such as capture-the-flags and hackathons also double up as great bonding exercises owing to their social nature. A recent study by McAfee found 96% of organizations that hold such events report tangible benefits. They can even help in the search for hidden talent, with many self-taught or uncertified participants using such exercises to prove their worth.
Several elements make gamified solutions effective, not least social features that encourage competition in a lightweight manner, such as a leaderboard. Humans also crave the simplicity exhibited in games like Bejeweled. As outlined by Erin Hoffman on Gamasutra, Bejeweled’s addictive elements are simple: the game is easy to understand and access, it presents a clear problem with a clear solution, and the results of actions create consequences with intermittent reward. Simple design techniques, including the use of specific shapes and colors, can also keep us coming back for more. (You like those little red badges on your iPhone, right?)
So, certain game mechanics obviously compel people to act. Game mechanics are not games, and when they help us to learn or do our job, they are a force for good. Learners who are satisfied by their education, who understand their work and gain a sense of accomplishment from it, will of course perform better.
Making experiences more engaging this way is not a new concept. In 2012, US pharmacy Omnicare introduced gamification to its IT service desk and achieved a 100% participation rate. That same year, American software corporation Autodesk used it to raise its trial usage by 40%. This year, Talent MLS’s Gamification at Work survey found 85% of employees would spend more time on software that was gamified, while 87% agreed gamification made them more productive. Clearly, it works.
Applying gamification to cyber training is a no-brainer – especially when considering it can be largely automated. Training in anything must occur often to be effective, and nowhere is this truer than in cyber, where learning must be consistent to combat constantly evolving threats. Using automated, gamified solutions, employees can improve their skills on their own terms without need for disruption to company operations. This doesn’t only save time and money; it also allows for greater training frequency and, in turn, greater learning. And with 77% of senior security managers agreeing their organization would be safer if it used gamification more, it is surely time to take heed.