Despite the intense focus on cybersecurity over the past few years from private and public sector organizations alike, cybercriminals continue to regularly outsmart the system, often taking advantage of known vulnerabilities in widely used programs and software to plan far-reaching cyberattacks.
A recently released report by the Center for Strategic and International Studies and McAfee estimates that nearly $600 billion, roughly one percent of global GDP, is lost to cybercrime each year. This statistic tops the 2014 CSIS-McAfee cybercrime report, which found that global cybercrime resulted in $445 billion in global losses. These staggering numbers show the severe impact that cyber criminals have on the overall health of the global economy and illustrate the need for better strategies to combat the problem.
Many companies have recognized the need to take proactive and preventive action to prevent future cyberattacks, and are getting creative in how they tackle the problem. For example, bug bounty programs have been adopted widely by private companies and, more recently, by the federal government. On March 21, Reps. Ted Lieu (D-Calif.) and Ted Yoho (R-Fla.) introduced the Hack Your State Department Act, which develops vulnerability disclosure and bug bounty programs to address the critical cybersecurity issues facing the federal government and State Department. The legislation, if passed, would require the secretary of State to establish guidelines for a vulnerability disclosure program that would allow researchers to detect cybersecurity gaps within 180 days after the bill’s enactment.
Additionally, the Department of Homeland Security’s Science and Technology Directorate (S&T) awarded the 418 Intelligence Corporation $350,000 to develop a “prototype game-based, forecasting platform and user-experience” to “engage participants in competition and mastery of the latest developments in cybersecurity.”
This “gamified” approach to solving some of the biggest cybersecurity issues and staffing challenges facing both the private and federal sector is becoming increasingly common. McAfee’s recently released Winning the Game report indicates that as advanced threats and state-sponsored attacks become more of an everyday occurrence, how quickly and effectively organizations respond to these threats is critical. The report illustrates that while hiring more skilled cybersecurity experts is part of improving the state of cybersecurity, ensuring job satisfaction to improve retention rates and reduce attrition is also a critical factor in ensuring companies stay on top of their cybersecurity game.
According to a 2016 report by Intel Security and the Center for Strategic and International Studies, Hacking the Skills Shortage, 82 percent of those surveyed reported a lack of cybersecurity skills within their organization. The cybersecurity workforce shortage is projected to reach 1.8 million by 2022, according to the Global Information Security Workforce Study released in August 2017.
In a survey conducted for the Winning the Game report, seventy-eight percent of cybersecurity managers and professionals in public-sector and private-sector organizations said that, of the current generation entering the workforce, those who grew up playing video games make stronger candidates for cybersecurity positions. Gamification has been identified as an important tool to drive higher performance in cybersecurity organizations, as the majority of organizations who put on game-like exercises, such as hackathons, capture-the-flag, bug bounty programs and more, reported seeing benefits.
The report also found that 4 in 10 public-sector and private-sector organizations use a gamified exercise with their employees at least once a year, resulting in awareness and knowledge among IT staff of how breaches can occur (57 percent), how to avoid becoming a victim of a breach (49 percent), and how to best react to a breach (46 percent). It also enforced a team work culture necessary for quick and effective cybersecurity (43 percent). Respondents also reported higher satisfaction in jobs at organizations that regularly ran cyber games or competitions.
Although many aspects of today’s security environment are uncertain and unpredictable, the increased threat posed by cybersecurity breaches is an absolute certainty. It is more important than ever that cybersecurity workers continue to hone their skills, stay engaged in the crucial services they provide and find deep satisfaction in their day-to-day work. If all of these objectives can be achieved and improved using a gamified approach to cybersecurity work, it should be utilized far and wide. It is encouraging to see both the private and public sector adopting an arsenal of gamified cybersecurity tools; however, wider adoption is necessary in order to ensure our nation’s security.
The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email HSTodayMag@gtscoalition.com. Our editorial guidelines can be found here.