Pixel International Conferences

With the evolution of information technology, more and more small and medium-sized enterprises (SMEs) are using technology to support and grow businesses [1]. SMEs are facing constant pressure to be more efficient, competitive and agile to secure their presence in the globally competitive market. With the prevalence of internet, SMEs are constantly evaluating and adapting new technologies such as software as a service (SaaS), cloud computing, mobile, internet of things (IoT), online banking etc. All these new opportunities are coming with inherent risks of ever-changing cyberspace and overgrowing cybercrime. SMEs are soft targets for cybercriminals and the need for controls is evidenced by accumulating fraud incidents, identity thefts, denial of service attacks and illicit accesses or breaches of data over the last few years [2]. This reduces the ability of SMEs to innovate and gain business advantage. Previous research has shown that the human factor remains the weakest link in the cybersecurity chain, so it is paramount to make sure the employees receive effective training to embrace a security mindset [3]. This study focuses on analyzing the challenges faced by SMEs in raising cybersecurity awareness in its employee. The objective of this study is to conceptualize the escape room serious games technique for the purpose mentioned above. A literature review has been conducted to identify the cybersecurity challenges faced by SMEs, and analyze the usage of escape room game technique for educational purposes. As main result, a prototype of a portable escape room to raise cybersecurity awareness in SMEs is described. According to Hevner’s design science research approach [4], the prototype has been played, tested, adjusted and validated. Evaluation highlights that the escape room method is a worthy instrument for cybersecurity awareness trainings for SMEs.

Keywords: cyber security, cyber security awareness, SMEs, awareness and training programs, escape room, game-based learning.

References:

[1] Digital Report. (2019). Digital 2019: Global Digital Overview — DataReportal – Global Digital Insights. Retrieved from https://datareportal.com/reports/digital-2019-global-digital-overview
[2] Finbarr, T. (2016). Why SMEs are big targets for cyber crime - Raconteur. Retrieved April 18, 2019, from https://www.raconteur.net/risk-management/why-smes-are-big-targets-for-cyber-crime
[3] KS Survey Report. (2018). Cyber Risk Survey Report 2018. Retrieved from https://www.kessler.ch/fileadmin/user_upload/KS_Cyber_Report_2018_EN.pdf
[4] Hevner, March, Park, & Ram. (2004). Design Science in Information Systems Research. MIS Quarterly, 28(1), 75. https://doi.org/10.2307/25148625