Arab News, Thursday, Nov 16, 2023 | 2 Jumada, 1445
AH
Adopting gamification needed to amplify cybersecurity awareness
RIYADH: Cybersecurity awareness can
be amplified in organizations by adopting gamification techniques, which
introduce game mechanics into a nongame environment to enhance the
participation of employees.
Abdulrahman Alnaim, upstream information security manager at Saudi Aramco,
highlighted the gamification concept at the Black Hat MEA in Riyadh on
Wednesday.
“Gamification is not a new idea, it has been around for a long time, but we
are trying to apply it in a way that allows us to use the elements of
competition among our employees to make sure that we have that security
culture in our organizations.”
He added: “Everyone wants to build a cybersecurity culture because
centralizing cybersecurity within a cybersecurity team is no longer enough.”
Alnaim explained that the gamification of cybersecurity is not that common
in Saudi Arabia as he was aware of a “couple of companies that have done
something around that (concept).”
He said that the program they use at Aramco is “more customized” to the
company’s specific needs.
The Aramco executive emphasized that “we’re going through digital
transformation,” which means “more assets and more data to be shared
internally within an organization” that would require them to “pay more
attention to how our people are being innovative.”
He said: “With every new technology comes new challenges that’s a fact of
life.”
Alnaim said it is necessary to assess the benefits and challenges of a
technology. If the benefits outweigh the challenges, he added, the
technology should then be embraced.
He said there is “no such thing as zero risk…While adopting new technologies
you have to keep in mind with this new technology there is a new set of
risks, and a new set of challenges, you have to make sure you have the
culture to ensure these challenges are not being used against you.”
Alnaim gave the example of how artificial intelligence is largely used by
the “bad guys” and without cybersecurity countering them as the “good guys”
it would give the former “speed, agility, ease of use, and introduce them to
a host of malicious activities.”