How many times have you endured a dry-as-dust PowerPoint presentation or clicked through a tired e-learning course only to realize, despite hours of ‘teaching,’ you remember virtually nothing? It’s easy to blame yourself when this happens; you may feel guilty or even harbor doubts about your ability to retain knowledge. Don’t. There’s a good chance that the material simply wasn’t practical, engaging or relevant enough – flaws magnified when you are spoken at, instead of with, in a stale classroom environment.
I am not suggesting school-style learning should be outlawed, as it certainly has its merits. But some subjects, particularly those with a large technical element, demand a more innovative approach. Without doubt, cybersecurity falls into this category – something I first observed while delivering GCHQ’s Cyber Summer School. It was evident that people enjoyed completing practical exercises requiring analytical thinking and problem solving. It was also clear that when people had fun, they learned more.
And increased cyber learning is something every workforce can benefit from. Security is no longer handled by a select few while others do as they digitally please; it is the responsibility of everyone in an organization. In fact, every employee should have some degree of cyber training, and this is something that kept me thinking during those summer months with GCHQ. To transform a workforce, you first must engage it – and when it comes to cybersecurity, there’s no better way to do this than gamification.
Despite its name, gamification is not strictly about games. It is the act of taking something already in existence – a website or application, for instance – and increasing engagement using game mechanics, such as reward and competition. It works because those mechanics are addictive and yield excellent results in a learning environment. Typical gamified exercises such as capture-the-flags and hackathons also double up as great team-building activities owing to their social nature. A recent study by McAfee found 96% of organizations that hold such events report tangible benefits. They can even help in the search for hidden talent, with many self-taught or uncertified participants using such exercises to prove their worth.
Several elements make gamified solutions effective, not least social features that encourage competition in a lightweight manner, such as a leaderboard. Humans are also known to crave the simplicity exhibited in games like Bejeweled. As outlined by Erin Hoffman on Gamasutra, Bejeweled’s addictive elements are simple: the game is easy to understand and access, it presents a clear problem with a clear solution, and the results of actions create consequences with intermittent reward. Simple design techniques, including the use of specific shapes and colors, can also keep us coming back for more. (You like those little red badges on your iPhone, right?)
So, game mechanics obviously compel people to act. And when that action is improving the way we learn, such mechanics are a force for good. Learners who are satisfied by their education, who understand their work and gain a sense of accomplishment from it, will of course perform better.
Making experiences more engaging this way is not a new concept. In 2012, US pharmacy Omnicare introduced gamification to its IT service desk and achieved a 100% participation rate. That same year, American software corporation Autodesk used it to raise its trial usage by 40%. This year, TalentLMS’s Gamification at Work survey found 85% of employees would spend more time on software that was gamified, while 87% agreed gamification made them more productive. Clearly, it works.
Applying gamification to cyber training is a no-brainer – especially when considering it can be largely automated. Training in anything must occur often to be effective, and nowhere is this truer than in cyber, where learning must be consistent to combat constantly evolving threats. Using automated, gamified solutions, employees can upskill on their own terms, without need for disruption to company operations. This doesn’t only save time and money; it also allows for greater training frequency and, in turn, greater learning. And with 77% of senior security managers agreeing their organization would be safer if it used gamification more, it is surely time for more businesses to take heed.