Can unmotivated employees respond to a security breach effectively? Such events may be infrequent, but people need muscle memory, confidence, and strategy to manage them when they emerge. Discipline is essential when preparing for something that may take years to arrive and days to unfold, which is why cybersecurity demands motivated humans.
While inspiring employees is crucial, this doesn’t mean dishing out cash bribes and false promises. Organizations should look to build a security culture from the ground up and satisfy their employees’ technical appetite with genuinely engaging learning material. Cyber skills content that is interactive, adaptive, and fun will bring immense value, while dry eLearning will damage motivation.
The evolving cyber field needs people who develop their skills continually, and you can encourage this by making learning fun. Gamified training increases motivation in 83% of employees according to TalentLMS – and we’ve found it the ultimate hook for cyber learners.
Motivations for behavioral change
In learning and cyber workforce development terms, motivational factors play a critical role in behavioral change. BJ Fogg devised a model explaining how behavioral change and motivation are connected, which implies three things must be present for behavioral change to occur: prompt, ability, and motivation.
Without all three people either do not, cannot, or will not change their behavior. Remember the adage ‘you can lead a horse to water, but you can’t make it drink’? Well, it’s a bit like that. Organizations face cyber threats continually, and these threats are the ‘prompts’ for their workforce’s behavior to change. If workforces are motivated to evolve their behavior but lack the skills to do so, change cannot occur, which means they will be unable to defend against the latest attacks. In this scenario, a learning need is identified.
Imagine a workforce is asked to develop cyber skills (the prompt) and assigned relevant learning content. If this is not engaging, fun, or experiential, they will not be motivated to complete it. Behavioral change will not occur (or will do so with reluctance), meaning critical learning doesn’t stick. In essence, even with a prompt and the ability to change behavior, employees won’t necessarily have the motivation required for learning to occur. To motivate a cyber workforce, you must first engage it.
Extrinsic and intrinsic motivations
Motivation can be split into three categories: extrinsic, intrinsic, and addiction. The first two are healthy types of motivation an organization wants to see in its workforce.
Extrinsic motivation is an external incentive that can be negative or positive – you’re no doubt already familiar with the ‘carrot and stick’ approach.
One example of a negative extrinsic motivating factor is the need for compliance: all employees must complete ‘X’ training to ensure we are compliant with ‘Y’ legislation. In this instance the extrinsic motivating factor is the legislation. Now, how motivated do you think employees would be to complete the compliance learning package?
There are examples of positive extrinsic motivational factors in many aspects of our lives: remember the pocket money you received as a child for doing chores? Think about the rewards and recognition required to motivate people. Positive extrinsic motivating factors are excellent stimuli, but only if they are not removed.
Intrinsic motivation, such as striving towards a goal for personal satisfaction or accomplishment, is a far more powerful motivating factor. In some circumstances, you may work towards a long-term goal which could be work or non-work related.
In terms of learning, there are many ways that positive extrinsic and intrinsic motivational factors work well. Employees may task themselves to master a subject or attain a skill, and this happens for reasons such as recognition, progression, or promotion. Incorporating intrinsic and extrinsic motivational factors with gamified learning in the form of points, leaderboards, and levelling up, as we do at Immersive Labs, develops and maintains employee motivation long term.
A gamified experience does more than just motivate someone to learn; crucially, it allows them to enjoy the process. American author Dianne Ackerman said, ‘play is our brain’s favorite way of learning’ – this is because gamification impacts the brain positively, triggering the four major chemicals that induce happiness: dopamine, oxytocin, serotonin, and endorphins. These chemicals create desirable emotional states and get people hooked on learning. Your brain releases dopamine, for instance, whenever you are rewarded for a particular task. Gamification provides learners immediate feedback through virtual rewards when a goal is achieved, so they begin to associate learning with feeling good. This prompts them to persist with, and even seek out, learning experiences.
Applying gamification to cyber training is thus a no-brainer, especially automated, gamified solutions that enable employees to upskill on their own terms without disrupting business function. This doesn’t just save resources but also enables greater training frequency and, in turn, greater skills development – the reason 77% of senior security managers say increasing gamification would help protect their organization from cyberthreats. After all, attackers never stop innovating, so defenders shouldn’t either.
The mechanics of gamification
Despite its name, gamification is not strictly about games. It is the act of taking something already in existence – a website or application for instance – and increasing engagement using game mechanics, such as those laid out below (via BI Worldwide):
· Fast feedback – Immediate feedback or response to actions
· Transparency – Where everyone stands
· Goals – short- and long-term goals to achieve
· Badges – Evidence of accomplishments
· Levelling up – Status within your community
· Onboarding – An engaging and compelling way to learn
· Competition – How you’re doing compared to others
· Collaboration – Accomplish a goal working with others
· Community – A context for achievement
· Points – Tangible, measurable evidence of your accomplishments
Game mechanics compel people to act, and when that action is improving the way we learn, mechanics are a force for good. Learners who are satisfied by their education and gain a sense of accomplishment from it will perform better. So by incorporating some of these game mechanics – it needn’t be all of them – into cyber skills content, we can motivate learners to develop continually.
Gamification in cyber
Typical gamified cybersecurity exercises such as capture-the-flags double up as great team-building activities because of their social nature. McAfee found 96% of organizations that hold such events report tangible benefits; they can even help in the search for hidden talent, with many self-taught or uncertified participants using the exercises to prove their worth. Check out the ways Immersive Labs is already utilizing gamification below.
Learn by doing
When it comes to cybersecurity nothing compares to getting hands on, which is why we give users every chance to learn by doing. This means getting to grips with the latest attacker tools, tactics, and techniques.
We know that perseverance is a key quality in cyber talent, so our platform lays down the gauntlet. Our capture-the-flag labs in particular enable those who are ready to find their own way to the finish line.
Curiosity and self-research
If learning wasn’t compelling, would you want to do it? At Immersive Labs we invite the user to take control of their development and get active, using everything at their disposal to complete our labs.
We instantly reward learners with points and badges for progressing through our exercises. This helps them to climb the leaderboard and earn bragging rights over their friends and colleagues. It also keeps them coming back for more.
Want a full-spectrum look at the gamified content on our platform? Book a demo today.
1 September 2020
Immersive Labs Cyber Learning Consultant
Immersive Labs Copywriter
Staying cyber-safe in a remote working world
24 September 2020
Guest Blog: The Stress and Joy of Security Jobs
21 September 2020
Five steps every business should implement before ransomware strikes
17 September 2020
A sign we’re on the right Track
7 September 2020
The key element in your cybersecurity strategy isn’t process, tech or data – it’s people
7 September 2020
If your cyber training isn’t gamified, it isn’t right – here’s why
1 September 2020