For many years, adolescents and young adults have disappeared for countless hours playing video games; teaming with gamers around the world to solve mysteries, track enemies and save the virtual world. What if the strategies used in gaming could be harnessed to counter the threat landscape and address the cybersecurity skill shortage?
When forecasting threats for 2018, an escalating arms race in machine learning was viewed as a major concern with adversaries ramping up their use of artificial intelligence. Another concern was moves by cybercriminals to apply ransomware technologies beyond extortion of individuals to higher-value cyber sabotage and disruption of organisations. Could the answer to tackling these issues lie outside the typical cybersecurity hiring profile? Perhaps with a niche group who have received prolonged conditioning to think on their feet such as gamers?
With rewards in the form of talent development, resources, opinions and promotions, gamification is growing in importance as a tool to help drive a higher performing cybersecurity organisation. The most common form of gamification exercises are hackathons, capture-the-flag, red team-blue team or bug bounty programs in organisations. That being said, there is a correlation between the use of gamification and happier cybersecurity staff. Tactics like “capture the flag” gaming once or more a year, promotes an objective oriented team work in a light yet productive manner. This gamification strategy also leads to raised awareness and knowledge among IT staff of how breaches can occur, how to avoid becoming a victim of a breach and how to best react to a breach; it also enforces a team work culture necessary for quick and effective cybersecurity.
When we look at current cybersecurity employees, you may be surprised to learn that many of these cybersecurity professionals are experienced video gamers. They develop persistence, endurance, observation and logical and analytical skills. These are some of the many core skills that cybersecurity threat hunters of the future will need that provides a strong foundation for a career in cybersecurity. This encourages a diverse domain of skills and expertise, which is vital to developing a sustainable model for security operations that can adapt as the threat landscape evolves.
Cybersecurity is a robust, active ecosystem, where the threat landscape will never be stagnant, and neither should the workforce. The industry has got to be ever evolving, both in terms of the strategies adopted and the dynamic flow of people in an organisation.
The writer is managing director, South Asia, McAfee