Cybersecurity is serious business. Take the ransomware attack that shuttered Baltimore for months and cost the city millions to correct. Or the breaches in Louisiana, the Office of Personnel Management (OPM), the Small Business Administration (SBA) or many more agencies. The list is seemingly endless. All these incidents create a zero-fun environment for governments.
We also know that for an organization to be truly secure, every employee, endpoint and network must be secure. That’s exactly why cyber-readiness tops the list of every chief information officer (CIO), chief information security officer (CISO), chief technology officer (CTO) and administrator in government.
However, knowing that you need to be secure, and understanding risky cyber behavior, are two different things.
“It took a generation to change behaviors about seat belts. And, my goodness, how long did it take for people to know eating foods with sugar, smoking and listening to loud music aren’t good for you,” said Keith Trippie, founder of the Trippie Group and a former Homeland Security Department (DHS) employee, “We need to do the same for cyber.”
The question is how?
One way could be to make cyber-awareness and training a little more fun. Yes, fun!
“My humble attempt to make cyber-awareness fun and effective, is to make cyber-awareness a game with the Cyber Deck of 52,” explained Trippie.
The Cyber Deck of 52 breaks down each suit in a typical deck of cards into a cybersecurity category. In the deck, the suits are:
- Hearts: Prominent Cyber Attacks
- Spades: Cyber Bad Acts
- Clubs: Tactics, Techniques and Procedures
- Diamonds: Cyber Hygiene Tips
So, as you are playing your next round of Go Fish, you can learn how to spot a real-world phishing attempt. Sounds educational, and dare I say, even a little bit fun.