Learning Cybersecurity through Gaming
By Ron McFarland, PhD
Youtube Link: https://youtu.be/7vBfZN812rs
The big question related to this article is: Can you learn about “insider threat,” a key cybersecurity issue today, from a game?
The Center for Development of Security Excellence (CDSE) provides Security education, training, and certification for DOD and Industry. Recently CDSE released a new security awareness eLearning game, The Adventures of Earl Lee Indicator.
Here’s the link to the game:https://securityawareness.usalearning.gov/cdse/multimedia/games/escape/index.html
Catching up on Cybersecurity Terminology
Before we highlight the game a bit more, let’s catch up on terminology. In cybersecurity, an insider threat happens when someone within an organization with authorized access (an employee, a contractor, a part-timer, third-party vendor, etc.) misuses that access that negatively impacts the organization’s critical information systems and data. Insider threats can be either unintentional or intentional (e.g., malicious), based on the individual’s intention. Unintentional insider threats are typically from a negligent employee falling victim to a social engineering attack, such as an email phishing attack. In contrast, a malicious act can be from intentional data theft, corporate espionage, or data destruction.
Insider threats, both intentional and unintentional, are costly to an organization. Global Report reveals that insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million.Here are a few highlights from this year’s Global Report:
- The cost of credential theft to organizations increased 65% from $2.79 million in 2020 to $4.6 million at present.
- The time to contain an insider threat incident increased from 77 days to 85 days, leading organizations to spend the most on containment.
- Incidents that took more than 90 days to contain cost organizations an average of $17.19 million on an annualized basis.
Now, back to the CDSE Insider Threat Game
The game centers around an insider threat and is entitled “The Adventures of Earl Lee Indicator” The agent profile includes (a) Name = Earl Lee Indicator, (b) Title = Sr. Field Agent, © Experience = 18 years, and (d) Area of Expertise = Insider Threat Detection. There are two missions, with Mission One currently active and Mission Two marked as “coming soon”. To play the game, you must carry out the mission (Mission one, for now) within a given time limit of 25 minutes. The gamer must find hints and clues. As an example of a clue, you can find a container that holds a key card that needs to be decrypted to open a door. Some clues are valuable (useful), while other clues are a waste of time. The game has 4 rooms with puzzles that need to be solved. The solution includes figuring out passcodes, finding hidden items, with the intention of eventually freeing yourself from the rooms.
Please let me know what you think
Give it a try and let me know what you think. Is this type of learning effective / efficient for you? Other thoughts? (My contact info is posted below)
Here’s the link (again) to the game: https://securityawareness.usalearning.gov/cdse/multimedia/games/escape/index.html
References
Center for Development of Security Excellence . (2022). Center for Development of Security Excellence Homepage. Center for Development of Security Excellence . Retrieved September 23, 2022, from https://www.cdse.edu/
Proofpoint. (2022, May 17). 2022 Ponemon cost of insider threats global report: Proofpoint US. Proofpoint. Retrieved September 23, 2022, from https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
About the Author
Ron McFarland, PhD, CISSP is a Senior Cybersecurity Consultant at CMTC (California Manufacturing Technology Consulting) in Torrance, CA. He received his doctorate from NSU’s School of Engineering and Computer Science, MSc in Computer Science from Arizona State University, and a Post-Doc graduate research program in Cyber Security Technologies from the University of Maryland. He taught Cisco CCNA (Cisco Certified Network Associate), CCNP (Cisco Certified Network Professional), CCDA (Design), CCNA-Security and other Cisco courses and was honored with the Cisco Academy Instructor (CAI) Excellence Award in 2010, 2011, and 2012 for excellence in teaching. He also holds multiple security certifications including the prestigious Certified Information Systems Security Professional (CISSP) certification and several Cisco certifications.
CONTACT Dr. Ron McFarland, PhD, MSc, CDNA, CISSP
· CMTC Email: rmcfarland@cmtc.com
· Email: highervista@gmail.com
· LinkedIn: https://www.linkedin.com/in/highervista/
· Website: https://www.highervista.com
· YouTube Channel: https://www.youtube.com/channel/UCJ57_1OgZ5H1nMVdGElcvrw
