Training Series Challenges

HOTSPOT

Description- The idea is to search and secure a workspace by clicking on a violation to fix it within the allotted time. 

Learning Objectives- By identifying security violations in a virtual setting, users will learn to recognize similar violations in real life. They will learn to avoid the ‘7 deadly sins of security awareness’: misinterpreting email legitimacy, reacting impulsively to scams, over-trusting security controls, oversharing on social media, mishandling devices, neglecting suspicious activity and surrendering to security fatigue.

Audience- General end users Time- ~3 min.

 

CLASSIFY

Description- The idea is to properly handle a range of different data and material while categorizing it appropriately. The user will either need to swipe left or swipe right to classify the information into buckets, “public” or “private.”

Learning Objectives- By categorizing the information (and learning from any miscategorizations), users will intuitively learn the differences between “internal only,” “confidential,” “private,” and “public.”

Audience- General end users Time- ~2 min.

 

VISHING

Description- The idea is for a user to be faced with a choice (choose your own adventure) on how to respond to a simulated, suspicious phone call. Their responses will lead them down a decision path resulting in either a pass (successfully deny the attack) or fail (unsuccessfully deny the attack).

Learning Objectives- By selecting the most compelling answer, the user will simulate their responses to voice phishing (vishing) attacks in real life.

Audience- General end users Time- ~3 min.

 

UNSCRAMBLE

Description- The idea is for users to be presented with a scrambled word puzzle challenge that must be unscrambled to reveal a hidden cybersecurity message.

Learning Objectives- Each cybersecurity message is tailor-made to address specific violations the users experience in real life, as well as to progress them through the gameplay.

Audience- General end users Time- ~3min.

 

THE SOCIAL

Description- The idea is for users to find the location of the target by searching for his location data posted publicly on social media.

Learning Objectives- In addition to learning the mechanisms through which social media tracks people, users will also intuitively learn that their privacy is at risk and that steps to reclaim that privacy include removing location data from sensitive posts online. 

Audience- General end users Time- ~3min.

 

SOCIAL CONNECTION

Description- The idea is for users to sabotage a person’s social networking account that has been used to spam other accounts on the same networking platform. The goal is to go to a site, use the credentials that have been “saved” by the browser, and delete all connections. The number of connections deleted will be used as a passcode for a larger puzzle.

Learning Objectives- Users will learn that cybercriminals commonly create artificial social media profiles and “friend request” targets to gather more information during their reconnaissance phase. By denying such requests, users will protect sensitive personal and corporate information from unnecessary exposure (e.g. database languages, emails, etc.). 

Audience- General end users Time- ~2min.

 

PIKTRHUB (EULA)

Description- The idea is for players to navigate to a website that requires them to agree to the terms and conditions displayed. Players are given feedback based on whether they scroll through the terms and conditions prior to accepting them. Feedback will be given to players regardless of their decision.

Learning Objectives- Users will be reminded of the many accounts they have set up online and the common practice of skipping through the fine print of an end-user license agreement (EULA). By skipping through the fine print, the users will learn that they are ignoring infringements of their privacy. 

Audience- General end users Time- ~2min.

 

DEFAULT CREDENTIALS

Description- The idea is for users to interact with a vulnerable device online which still has default credentials (e.g. admin, password) set for authentication. 

Learning Objectives- The users will be presented with a classic example of how destructive default credentials can be, and the necessity to change those passwords or risk device takeover. 

Audience- General end users Time- ~2min.

 

CRAFT A PHISH

Description- The idea is for users to place themselves inside the mind of a cybercriminal and learn to ‘craft a phishing email’ by using enticing words and imagery. 

Learning Objectives- By crafting a phishing email from the perspective of an attacker, users will intuitively learn ways in which people are exploited by trickery and persuasion via email. Phishing can be obvious, but it can also look and feel all-too-real. It’s easier to spot a phishing email when you think like an attacker and not like a victim. Examples of phishing indicators include: misspelled web links; unfamiliar file extensions; prompts to allow unusual programs to download.

Audience- General end users Time- ~2min.

 

CALL TO PASS

Description- The idea is for users to investigate an organization’s public phone number to see if more information is being exposed unintentionally. 

Learning Objectives- In this case, users realize that the anniversary of the organization’s founding actually reveals a sensitive password. Many people set passwords which use familiar dates and ideas, but which are easily discoverable by cybercriminals.

Audience- General end users Time- ~1min.