Nick Shaw, general manager for EMEA at Norton by Symantec, believes that gamification is an ideal tool businesses should be using to speed up changes in security.
Don’t panic! This was the life lesson that Douglas Adams had emblazoned on every issue of the eponymous Hitchhikers Guide to the Galaxy. Used to temper the fears of the people in his universe, it’s an apt entry-point into facing the threats that comprise the world of cybersecurity.
It’s difficult advice to follow, I know. In our years of traversing the realm of cybersecurity, one thing has become clear, in that the only thing certain is uncertainty. In Symantec’s own traveller’s companion – the annual Internet Security Threat Report – we take measure of the cybersecurity environment and try to help our customers plot the course of best practice. But each year, we see new dangers unfold.
2013 was the year of the Mega Data Breach with unprecedented attacks on the likes of Facebook, Adobe and Target contributing to 552 million user identities exposed – 368 per cent higher than the previous year. The likes of Heartbleed made 2014 the year of the zero-day attack – where 24 dormant flaws were discovered and disclosed. Ransomware attacks, where a victim’s data is captured and encrypted before a cyber-criminal attempts to extort a fine for its release, also rose 113 per cent last year.
Social media and apps are proving fruitful new attack vectors for example. We found that last year 70 per cent of all social media scams were manually shared, underlining a lack of common understanding of the latest online threats.
But there will always be another scam or vulnerability to exploit. Cybercriminals are truly an inventive set, and will look for any opportunity, loophole and backdoor to exploit a new victim. Small and medium business owners, unfortunately, appreciate this more than most. 60 per cent of all attacks are aimed at SMBs, which often simply don’t have the financial resilience to absorb a particularly debilitating attack.
But remember – don’t panic! As cyber-threats evolve, so does cybersecurity. A large part of what the security industry does is monitor for new threats and then quickly finds a solution to protect customers. Of course, technology is only half the answer. Businesses and individuals need the right training and mindset to protect themselves. Any uneducated employee can be a vulnerability and should be taught about how to spot dangerous activity.
Gamification is a useful aid in embedding best practices and speeding up a change in mentality – this could take the form of a game that teaches employees about the need to set strong passwords or what a phishing attack looks like.
We will probably never reach a point where all threats are mitigated, but the priority must always be to stay as educated and therefore as protected as possible. In other words: don’t panic, prepare!
Nick Shaw is the general manager for EMEA at Norton by Symantec.