Expertise is the best protection

Attack methods of criminal hackers are increasingly targeting users. The human factor is one of the greatest challenges in information security. Making the internet in Switzerland more secure requires competent internet users.

Text: Katja Dörlemann, published on 16.09.2020

SWITCH supports and promotes security awareness in Switzerland in two main ways. First, we are contact partners for specialists with questions or problems. We are an active participant in national and international platforms for exchanging information about security awareness, and share the latest theoretical and practical findings via working groups, presentations and webinars. In addition, we created the annual SWITCH Security Awareness Day, where interested parties and specialists can meet, swap knowledge, network and find inspiration.

Second, we develop innovative security awareness measures so that we can offer our community exciting and practical solutions. The SWITCH Security Awareness Adventures are fun security training sessions that lead to successful learning outcomes. Existing game concepts are adapted to the topic of security and embedded in an educational framework. Every adventure follows these three steps.

Learn: Participants are introduced to basic security topics and provided with security-related knowledge.
Apply: The team members must work together in a game scenario to apply the knowledge they have obtained.
Repeat: In a debriefing, the participants discuss what they experienced, thus going back over what they have just learned.

We started in August 2018 with ‘Hack the Hacker – The Escape Room’. A criminal hacker has infected the organisation with ransomware and is now demanding money to release the encrypted data. The team must find the decryption code. As participants look for the code to hack the hacker, they develop a better understanding of general cybercrime risks and password managers.

To date, around 400 people have successfully managed to hack the hacker. Feedback, both from participants and information security officers, is consistently positive. Interest in password managers is growing, as is the buzz around information security.

As a result, we launched another adventure in August 2020: ‘Track the Hacker – The Outdoor Quest’ takes participants through urban Zurich. A criminal hacker has stolen data and is now looking to sell it. The team must pursue the hacker and the data, learning a lot about social engineering, data protection and data security along the way.

Our community will be glad to learn that a third adventure, ‘Piece of Cake – The Table Top Game’, is coming soon. The project began at a hackathon, as a collaboration between a variety of participants. Based on the role-playing game Dungeons & Dragons, a security training session was developed to introduce the participants to social engineering techniques. The players take on the roles of members of the ‘PiggyBeck’ bakery team and, together with the game master, tell the story (collaborative storytelling) of how they will retrieve the stolen cake recipe from rival bakery ‘Honey Pot’.

Building on the concepts of an escape room, a scavenger hunt and a Dungeons & Dragons session, we have developed three game-based learning experiences that allow participants to try things out, puzzle over problems and be creative. Gamification and teamwork help provide a truly memorable experience.