Core Concepts
Gamification can effectively enhance security awareness and training among smart grid users, particularly smart meter consumers, to mitigate cybersecurity risks.
Abstract
This paper explores the use of gamification to improve security awareness and training among smart grid users, particularly smart meter consumers. The authors developed a web-based game prototype using the "Root the Box" platform to engage users at different levels of expertise - beginner, intermediate, and advanced.
The key highlights and insights from the paper are:
The traditional security awareness training programs are often ineffective in instilling an information security culture among organizations and individual users. Gamification can be a promising approach to fill this gap.
The game prototype consists of three difficulty levels, each with three stages of questions covering various security topics related to smart meters, such as physical security, passwords, phishing, cyber-calling, public Wi-Fi, authentication, device security, HTTP, and data breaches.
The evaluation of the game showed significant improvements in the participants' performance across the three difficulty levels. The beginner level saw a 40% improvement, the intermediate level a 35% improvement, and the advanced level a 29% improvement.
The number of hints taken by the participants during the training stages also indicated their engagement and willingness to learn, further demonstrating the effectiveness of the gamified approach.
The authors identified areas where participants had relatively lower knowledge, such as device security, HTTP, and data breaches, which can inform future training efforts.
The study highlights the potential of gamification in enhancing security awareness and training, particularly for smart grid users, and provides insights for future research directions, such as exploring the long-term effects on user behavior and incorporating virtual reality technology.
Stats
The average cost of a data breach is around $4.45 million USD.
Cybercrime costs the UK economy nearly £27 billion every year.
80% of data breaches are caused by a lack of cybersecurity skills.
82% of data breaches result from human error.
Quotes
"Gamification is a new concept in the field of information security awareness training (SAT) campaigns that can be introduced to fill in this gap by providing employees with a means of practising and learning about many security flaws and risks that exist within the organisation."
"It can be demonstrated that the scores of participants in the three levels have improved by 40%, 35% and 29%, respectively. This reflects the awareness of learning within our system."