The Phishing Game: An Analog Game To Defend UK Organisations From Phishing

Research output: Contribution to conferencePoster

Abstract

In 2022, 39% of all UK businesses identified a cyber attack against their own organisation. Cyber attacks have not only the power to financially impact an organisation, but can cause the loss/theft of personal data, affect critical national infrastructure, and have the potential to affect national democratic processes. A great detail of research focuses on understanding vulnerabilities, protecting systems, and in some cases initiating red team strategies. Despite these technological approaches to protecting the UK, the most common attack vector remains focused at individual employees, through attacks such as phishing (83% of identified attacks). Humans remain the most exploitable endpoint in an organisation, and a well informed employee be the difference between protecting their business, or facilitating a potentially debilitating cyber attack.

From the field of disinformation research, inoculation theory pre-exposes a participant to a weakened version of a persuasive argument to increase resistance to disinformation. Researchers have used inoculation theory in both physical and digital games, with participants yielding positive results identifying false information, and resisting “fake news.” Phishing attacks are often overlooked as a form of disinformation, and inoculation theory is yet to be utilised to help combat this.

This research focuses on using game design methods from both inoculation theory and serious game research to create an analog serious game. In The Phishing Game, players take it in turns to identify different types of phishing attacks, to ensure the survival or their company and the protection of their customers. Players also use a number of Action Cards to help protect themselves, and play competitively with their teammates. The Phishing Game can be used as an alternative training tool for employees against phishing within organisations.
Original languageEnglish
DOIs
Publication statusPublished - 22 Jan 2024
Event2023 Defence and Security Doctoral Symposium -
Duration: 31 Jan 20241 Feb 2024

Conference

Conference2023 Defence and Security Doctoral Symposium
Period31/01/241/02/24

Cite this