Project Summary
This project addresses the persistent issue of cybersecurity by using an educational game to teach players
how to identify and mitigate cyber threats. The game provides an interactive experience where players can
practice responding to cybersecurity challenges, such as phishing and brute force attacks, in a risk-free
environment.
The project focuses both on highlighting the importance of cybersecurity to less experienced players through storytelling and an engaging gameplay loop, and on acting as a simulation for professionally trained players.
Upon review by playtesters, the game would prove to appeal to both demographics through challenging gameplay and a compelling narrative.
Why This Approach?
The gamification of learning has been proven to be effective for long-term knowledge retention and engagement. Unlike traditional cybersecurity training that relies heavily on static materials, this game provides scenario-based learning with mechanics inspired by real-world threats.
My research led me to the conclusion that traditional cybersecurity awareness campaigns can excel at delivering information, but fail to attribute value to the information being provided. I concluded from my research that value can be attributed to information through a specific experience that is easier to commit to long-term memory.
Educational games (also known as serious games) have already been shown to be effective as training material by professionals in various fields. One example is the game "Vital Signs" by breakawaygames, which has been shown to improve the performance of surgeons in real scenarios. However, many existing serious games are generally uninteresting and have no replay value to those who are not already interested in the given topic. Such people make up the majority for most topics, including cybersecurity.
From this, I would learn from the examples set by games such as Undertale, which carefully combine their "message" with gameplay and a story that reinforces it, without sacrificing the enjoyment that any good game should provide.
For the full breakdown, including the methodology, research, program architecture and playtester results, read the paper here.
The Story
Meet Steve. He's a new hire at a dysfunctional company called "Corpo", a place where any means are used to move up the corporate ladder. As the story unfolds, Steve navigates a hostile work environment plagued by poor safety practices and malicious behavior from other employees. Each day presents new challenges, from phishing emails to physical machine tampering, all of which must be handled as Steve aims to complete his daily quota. You will find that the entire world of "Workday for a Weekday" is full of references and information regarding cybersecurity. Speaking with various NPCs around town and within the Corpo building will further emphasise the impact of good and bad cybersecurity habits. You may want to listen in on what other characters are talking about, as it may give you some important information regarding the day's work ahead.
Gameplay
Your objective is to complete all of your assigned tasks before the day ends. These tasks can consist of answering emails, printing off confidential documents and more. You may have multiple responsibilities on a given day, which will naturally increase the complexity of a day's work. Complete all of your tasks before the time runs out and you will be able to continue the story and move on to the next day.
But each day also poses the challenge of dealing with malicious actors, both online and within the office. These threats represent the many different methods of attack which are used to gain unauthorised access to accounts, data and devices, including methods such as phishing, man-in-the-middle attacks and social engineering. It's your job to identify these threats when they appear, and handle them accordingly.
Layout of the UI, with the email system and timer. You must answer all emails appropriately depending on their content.
Layout of the main gameplay area. It consists of your own cubicle and cubicles for other employees. People can walk through the room at random.
Example of one of the minigames: a passcode scanner that requires a hard-to-guess passcode to be entered to prevent other people from stealing documents. It represents breaches related to brute force attacks.