Adopting Gamification Needed to Amplify Cybersecurity Awareness: Saudi Aramco Official

Cybersecurity awareness can be amplified in organizations by adopting gamification techniques, which introduce game mechanics into a nongame environment to enhance the participation of employees. Abdulrahman Alnaim, upstream information security manager at Saudi Aramco, highlighted the gamification concept at the Black Hat MEA in Riyadh on Wednesday. “Gamification is not a new idea, it has been around for a long time, but we are trying to apply it in a way that allows us to use the elements of competition among our employees to make sure that we have that security culture in our organizations.” He added: “Everyone wants to build a cybersecurity culture because centralizing cybersecurity within a cybersecurity team is no longer enough.”

Alnaim explained that the gamification of cybersecurity is not that common in Saudi Arabia as he was aware of a “couple of companies that have done something around that (concept).” He said that the program they use at Aramco is “more customized” to the company’s specific needs. The Aramco executive emphasized that “we’re going through digital transformation,” which means “more assets and more data to be shared internally within an organization” that would require them to “pay more attention to how our people are being innovative.” He said: “With every new technology comes new challenges that’s a fact of life.”

Alnaim said it is necessary to assess the benefits and challenges of a technology. If the benefits outweigh the challenges, he added, the technology should then be embraced. He said there is “no such thing as zero risk…While adopting new technologies you have to keep in mind with this new technology there is a new set of risks, and a new set of challenges, you have to make sure you have the culture to ensure these challenges are not being used against you.” Alnaim gave the example of how artificial intelligence is largely used by the “bad guys” and without cybersecurity countering them as the “good guys” it would give the former “speed, agility, ease of use, and introduce them to a host of malicious activities.”