The Importance of Malware Awareness for Aspiring Cyber Professionals: Applicability of Gamification Static Analysis Tools

Abstract

Modern day organizations face a continuous challenge in ensuring that their employees are cognizant with malware and cyber attacks, since it has the potential to cause financial, legal, and reputational damage to them. Current awareness training exists in a multitude of forms to equip employees and organizations to protect themselves against malware and cyber attacks. This article proposes a more realistic and interactive approach to malware training through a simulated ransomware infection presented as a game, both for employees and students in cyber security domain. The proposed mechanism was tested by individuals within cyber industries and students and demonstrated at events within the South West of England to an audience of prospective employees and industry experts, who found the training beneficial and insightful into how malware can be avoided and identified. Overall, results from the development of the tool indicate that the ability to identify malicious files increased in the range of 12%–55%, with respondents generally agreeing the tool was useful for increasing learning capacity. External results from unstructured interviews appear to illustrate that individuals displayed a heightened awareness post-training. External surveys with undergraduate students studying cyber and computer science indicate 100% of students believe the training would be useful for some form of training, with 86% evaluating the training would be suitable for both unsupervised and supervised malware training. Language analysis revealed highly positive vocabulary in free-text questions from multiple year groups, most highly in second and third year cyber security cohorts.