Using gamification to improve cybersecurity awareness

Team CISA – comprising students Sheena Loo, Huang Ching Wen, Manikandan Isha and Angela Lorenza Tjandra from the School of Computing and Information Systems - has emerged first runner-up at an international IT competition organised by Hilti, a multinational company that offers premium products and services for professionals on construction sites around the globe.

210 teams with 554 participants from 95 universities in 16 countries around the world participated in the Hilti IT Competition 2022. Nine teams were selected for the finals, which was held in-person at Hilti Asia IT Services Sdn. Bhd in Petaling Jaya, Selangor, Malaysia from 12-14 April.

The theme of the competition this year is to use gamification to improve cybersecurity awareness among Hilti’s employees. Cyberattacks have been on the rise, and cybercriminals often target employees in order to gain access to a company’s information and systems. Hence, it is important for employees to understand the importance of cybersecurity. To enable easier assimilation of knowledge and skills related to cybersecurity, the organiser wanted to incorporate gamification into their cybersecurity awareness campaigns. Participating teams could choose from a number of topics, including Social Engineering, Phishing, Device & Password Security, Ransomware & Malware.

Team CISA chose to develop tools to train Hilti employees about cybersecurity, specifically in social engineering. Social engineering refers to interpersonal influence with the aim of inducing certain behaviors, such as exposing confidential information. A social engineering cyberattack is the act of manipulating a person in order to obtain confidential information such as passwords, bank information, credit card numbers and any kind of sensitive information.

The training tools created by Team CISA were HiltiSecure and White Room. They are designed as an all-encompassing means of learning by immersive technology to keep employees engaged in cybersecurity training. HiltiSecure is a mobile application that leverages Augmented Reality technology to help employees spot objects around the office with the relevant social engineering scenario attached to it, playing from the point of view of a social engineering victim. Meanwhile, White Room utilises CAVE (Cave Automatic Virtual Environment) to create a virtual reality environment in the office, for employees to work collaboratively as a team and play as a social engineer hacker. These two solutions complement each other and create an ecosystem for social engineering training in Hilti.

Leader of Team CISA Angela Lorenza Tjandra said, “We decided to take part in the Hilti IT Competition 2022 to learn more about social engineering and gain exposure to cybersecurity. Throughout our journey, two major challenges we faced included minimal knowledge about social engineering and CAVE technology. We had to reach out to a vendor specialising in CAVE to learn more. In all, this experience has been worthwhile and we are overjoyed that our hard work paid off!”

The finalists were evaluated on Originality, Feasibility, Impact to Hilti, User-centricity, as well as Presentation & Teamwork.

For coming in first runner-up, each member of Team CISA received a Hilti cordless screwdriver and a tablet each. They are also given access to a fast-track application process to a paid internship at Hilti. The internship provides finalists with the opportunity to develop their ideas and bring it to life at Hilti.