The journal Computers and Security had published our paper, “Nudging Users towards Online Safety using Gamified Environments”.  The paper is written by Yelena Petrykina,  Hadas Schwartz-Chassidim, and Eran Toch, and can be found here.

Hackers increasingly target human vulnerabilities, with malware downloads and phishing attacks becoming some of the most common ways to hack into organizations. Organizations try to promote cyber-hygiene, with training, simulated phishing attacks, and surveillance, but those measures are limited: employees usually dislike cyber-security training, and surveillance limits employees freedoms and productivity.

In this paper, we have tried a different approach: a gamified interactive model that rewards users according to their online security behavior.  We’ve implemented our approach in Security-Robot, which shows the user their current security score using points, and tailors particular warnings based on potential risk.

 

 

The performance of users in the four study conditions

We evaluated our approach in a randomized controlled experiment against traditional security messages. Our results show that a gamified experience reduces the number of downloaded malware without reducing productivity and that presenting preemptive notifications strengthens this effect.

 

 

TheMarker article covering our research

The economic section of Haaretz, TheMarker, had published a piece on the paper. The article (in Hebrew) can be found here. A PDF version can be found here: מעבדה לניהול | “טעות אחת של עובד — וכל מערכת הגנת הסייבר של הארגון לא שווה הרבה” – TheMarker – TheMarker