Cybersecurity Sorted

Sponge Launches New Off-the-Shelf Mobile Game

Plymouth (UK), July 2019 - The LPI's Learning Provider of the Year, Sponge, has launched Cybersecurity Sorted, an engaging learning game that transforms cybersecurity training to make people a first line of defence for businesses. With human error the root cause of one in five data breaches, the new mobile game not only mitigates risk, but arms employees with the skills and confidence to build a 'human firewall'.

Designed for workers in medium to large organisations across all industry sectors, Cybersecurity Sorted is a fast-paced game that instils desired behaviours in employees via built-in rewards and ongoing feedback. Learners play the role of an IT apprentice tasked with fielding their colleagues' cybersecurity enquiries. Essential knowledge, such as how to identify different types of cyberattacks, is delivered in a memorable way to encourage long-term behaviour change.

Following the success of Sponge's first off-the-shelf game, GDPR Sorted, launched in May 2018, Cybersecurity Sorted is the second in the company’s 'Sorted' series of compliance training solutions.

Cybersecurity Sorted was created in conjunction with subject matter expert BluescreenIT, a leading cybersecurity consultancy and IT training academy. "With cyber-threats often caused or exacerbated by human error, businesses need to prioritise employee training as part of their cyber defence strategy," explains Michael Dieroff, CEO of BluescreenIT and UK Chairman of the Digital Policy Alliance's Security Skills and Partnerships Council.

He continues, "Cybersecurity Sorted is an invaluable tool for instilling cybersecurity awareness in all employees across any organisation. Sponge's game works so well because it's an enjoyable way of delivering a serious message. The interactivity and scenario-based gameplay engages staff and promotes learning retention."

Jason Butler, Sponge's award-winning games developer, added, "Learning via games has been proven to be successful for a number of reasons: Because games are experiential in nature, learning can be applied immediately; they yield higher gains and improve retention over more traditional instruction; mirroring real-world scenarios, users are able to 'play' in a risk free environment; and games can be played repeatedly - after all, practice makes perfect!

Where learning games work particularly well is taking a 'serious' or 'dull' topic and making it fun and engaging through gameplay, and this is exactly what we did with GDPR Sorted last year and what we're replicating with Cybersecurity Sorted."

Recreating office based scenarios in a fun and visually compelling way, Cybersecurity Sorted presents learners with real-world cyber threats alongside everyday low risk situations. Using familiar mobile gaming mechanics, such as swipe yes/no actions, users are expected to select the right answer out of two possible options. Learners work their way up through five levels, collecting stars to rise through the ranks.

At the first level, employees learn how to spot a phishing attempt and identify untrustworthy hyperlinks. At level two, they are taught to recognise good practice, including what constitutes a strong password. At the third level, learners are shown how to recognise the symptoms of a breach. At level four, training focuses on which incidents should be reported to IT. The fifth and final level focuses on assessment and free play, encouraging employees to practice the learning gained in previous levels.

Explaining the business rationale, Louise Pasterfield, founder and managing director at Sponge, said, "While we are known first and foremost as a 'custom digital learning provider' who creates bespoke solutions for major brands, we're keen to take our expertise in learning games and gamification - via our work with the likes of GSK, Coca-Cola, and Yum! Brands - to a wider audience via our off-the-shelf game.

"Cybersecurity is a major concern for all organisations; a day rarely passes by when we're not reading about another organisation falling victim to an attack and the impact this has on brand reputation and the bottom line. While most industry reports identify insider threats as a huge factor, we know that investment in training is not commensurate with the scale of the problem.

From talking to our clients about their challenges, and given our expertise in shaping employee behaviour through learning games, we knew that cybersecurity training was an area on which we could make a positive impact. As opposed to contributing to risk, Cybersecurity Sorted enables employees to form part of an organisation's defences. Put simply, people have the potential to form a 'human firewall'."