In testing exercise conducted using Kaspersky Gamified Assessment Tool, just 11% of 3,907 employees proved to have a high level of cybersecurity awareness. According to the same assessment, fewer skilled users made most of their mistakes in the realm of web browsing.
With 90% of people overestimating their cybersecurity abilities, Kaspersky Gamified Assessment Tool is designed to not only change employee behaviour and awareness, but also to assist chief information officers (CIOs) and HR departments measuring workers’ cyber skills, and provide their teams with a relevant education environment.
During the game, employees receive points on the decisions they make during commonly encountered situations occurring while working remotely – at home or while travelling – and working in the office. They are asked to assess whether their actions carry cyber risks, and how confident they are in their assumptions.
One in ten (11%) of test participants were awarded a Certificate of Excellence, meaning they gave correct responses, scored over 90% of possible points. According to the analysis, which involved users being assessed between January 2021 – September 2022, most of the users – 61% – achieved an “average” result ranging from 82% to 90% points, while 28% could not prove sufficient knowledge of cybersecurity knowledge, scoring less than 75%.
The Gamified Assessment Tool users choose green chips if they think the scenario is safe, or red if they think it’s dangerous. The number of chips indicates how confident they are in their answer.
The Gamified Assessment Tool covers six security domains: passwords and accounts, email, web browsing, social networks and messenger, PC security and mobile devices. The web browsing topic appeared to be the most difficult for users – just 24% defined actions correctly. Scenarios tied to mobile devices were least complex – 43% of employees made no mistakes in identifying cyber risks in these scenarios.
“The Gamified Assessment Tool is included in the ‘engagement phase’ of our Security Awareness Portfolio. It precedes the training stage in the Kaspersky Automated Security Awareness Platform, allowing employees to get clearer motivation for learning and helping organisations find out which educational program best fits their workers’ specific needs,” comments Alexander Lunev, Product Manager, Security Awareness and Academic Affairs at Kaspersky. “However, even the best possible result achieved in the game is not an indicator that a user needs no further advanced training or periodic knowledge refreshment. The adversarial methods can change, and a person’s vigilance may weaken. That is why we also make sure that the learning and reinforcement parts of our product are interesting for all learners of all levels.”