Although cybersecurity awareness training for employees is important, it does not provide the necessary skills training required to better protect businesses against cyber-attacks. Businesses need to invest in building cybersecurity skills across all levels of the workforce and leadership. This investment can reduce the financial burden on businesses from cyber-attacks and help maintain consumer confidence in their brands. In this article, we discuss the use of gamification methods that enable all employees and organizational leaders to play the roles of various types of attackers in an effort to reduce the number of successful attacks due to human vulnerability exploits. We combine two separate streams - gamification and entrepreneurial perspectives - for the purpose of building cybersecurity skills while emphasizing a third stream - attacker types (i.e., their resources, knowledge/skills, and motivation) - to create training scenarios. We also define the roles of attackers using various theoretical entrepreneurial perspectives. This article will be of interest to leaders who need to build cybersecurity skills into their workforce cost-effectively; researchers who wish to advance the principles and practices of gamification solutions; and suppliers of solutions to companies that wish to build cybersecurity skills in the workforce and leadership.
Adams, M., & Makramalla, M. (2015). Cybersecurity Skills Training: An Attacker-Centric Gamified Approach. Technology Innovation Management Review, 5(1), 5–14. https://doi.org/10.22215/timreview861