an overview of gamified information security training
TRANSCRIPT
dAtA BreAcheS:cOmmOn And cOStlyData Breaches are becoming increasingly common. A
study by Ponemon Institute found that 55% of companies
surveyed had a security incident or data breach due to
a malicious or negligent employee1. And according to
Ponemon Institute, there is a 26% probability of your
company having a material data breach involving 10,000
lost or stolen records over the next 24 months2.
The costs associated with data breaches are also rising.
Globally, the cost of a data breach increased from $3.79
million in 2014 to $4 million in 20152. And it’s even worse in
the US. The average cost of a data breach in the US increased
from $6.53 million in 2014 to $7.01 million in 20152. In
fact, the US had the highest data breach costs out of the 12
countries Ponemon interviewed2. Yet Information Security
training doesn’t seem to be a priority for many companies.
1
launchfire.com2
3 launchfire.com
2
Only 35% of senior execs at companies surveyed by
Ponemon think it’s a priority for employees to know how
data security risks affect their organizations1. Despite the
fact that the top two insider risks facing companies are
careless or negligent employees that expose sensitive info
or succumb to targeting phishing attacks1.
In fact, only 45% of companies make training mandatory
for all employees1. And 60% of companies do not require
employees to retake security training courses following a
data breach1.
Security trAininG:Still nOt A PriOrity
launchfire.com4
The time for training is now. And with Cyber Security
Month coming up in October, there’s no better time to
start planning a refresher course on IS. But there are a few
obstacles that need to be overcome for your IS training to
have a lasting effect:
A. A fundamental aversion to information security content
B. Showing employees the relevance of IS to their jobs
C. Keeping employees awake during IS training
The best way to overcome these obstacles is
Game Based Training.
5 launchfire.com
hOwGAme BASedtrAininG cAn helP1. It’s Engaging
Information Security is dull. No question about it.
Putting it in a game makes it much more engaging for
employees. And when they are engaged, they are more
likely to retain information.
3
launchfire.com6
2. It Puts Information Security in Perspective
Most of the time, employees think that IS is ITs
responsibility. They don’t get how it impacts their job,
and how simple things they do can have major impacts
on the business. Game Based Training can help make
those connections for employees. Scenarios show the
impact of IS policies on their day to day behaviours, and
the consequences for the entire organization when those
policies are ignored.
3. It Rewards Employees for Participating
Game Based Training not only makes it fun to engage with
the training, it provides a structure to reward employees
for doing so. You can reward employees for completing the
training, or reward top performers.
the BOttOm line
Information Security risks are real. And the costs for ignoring those risks are increasing every year. Employee training is the most effective way to decrease the chance of a security incident or data breach. But for
training to be effective, it needs to be engaging.
Game Based training makes Information Security
fun and rewards employees for participating.
It also puts security policies in perspective for
employees, showing them the impact of their
decisions on the organization as a whole.
Information Security is a team sport.Is your team ready?
SouRCES: 1 Managing Insider Risk Through Training and Culture. May 2016. http://www.experian.com/assets/data-breach/white-papers/experian-2016-ponemon-insider-risk-report.
pdf 2 2016 Cost of Data Breach Study: Global Analysis. June 2016.http://www-03.ibm.com/security/data-breach/12/cyber-monday-2015-largest-online-sales-day-ever.html
613-728-0868
ImPRovE YouR SECuRITY PoSTuREGAmIfY YouR TRAInInG!