Enhancing Cyber Security - Development of trainings using "Escape Room" Model
EyesOnCS
The digital age is leaving its mark on companies. Increasing digitalization is permanently changing the business processes of many companies: not only are services, products and processes being digitalized, but completely new business areas are also increasingly being created in the digital sphere. It should also be noted that the coronavirus pandemic has provided a boost to digitalization.
Objectives and contents
However, the digital transformation not only brings benefits, but also risks and dangers. For example, shifting work to the digital world has created additional targets for cyberattacks. Employees have been sent to work from home without being adequately prepared for this working format. People without technical/IT knowledge in particular were often overwhelmed and had difficulty coping with digital solutions. The importance of data protection and data security has become particularly clear during this time: Weaknesses in security concepts were uncovered and it was shown that the topic of cyber security needs to be fundamentally revised on various levels.
The lack of knowledge in the area of cyber security and a general awareness of the dangers and risks to which people are exposed online are problems that many European countries are confronted with. In addition to the lack of IT specialists, it is especially employees without prior technical knowledge who endanger the data security of companies, businesses and organizations. According to the reports, uninformed, ignorant and unaware employees are the biggest weak point in companies. Cyber literacy and raising awareness of this issue in general is becoming an important topic in many educational institutions and companies.
This is where the two-year ERASMUS+ project “EyesOnCS” comes in. The project is being implemented under the leadership of the Fachhochschule des Mittelstands (FHM) with other partners in Germany, Portugal and Italy.
The aim of the project was to develop innovative solutions and concrete educational products that prepare vocational school students and employees without technical/IT knowledge in particular for working safely in digital worlds. The “escape room” model represents an innovative approach: Experimental learning without much prior knowledge, interactive elements and realistic situations from everyday work and learning brought the topic of “cybersecurity” closer. The development of different scenarios, according to which the escape rooms were set up, was intended to contain situations that could be encountered in (working) life in order to ensure the transferability and application of what has been learned in practice.
The hybrid form of the virtual learning platform with its playful learning activities on the one hand and a compendium with anonymized, real-life case studies on cybercrime in companies on the other should help to bring the topic more into the focus of educational institutions and companies. By using the solutions and tools developed in the project, the aim was to address specific dangers, risks and ways to minimize them, thereby raising awareness of the issue and at the same time imparting important, practical knowledge.
Project results
Output 1 - Compendium of cybersecurity cases
The topic of CS for non-technical staff/vocational students is still underrepresented in the institutions offering VET programs and in the training of SMEs. There is not only a lack of training, but also a lack of teaching and learning materials for the target group. The compendium, as a first output (O1), aimed to collect, structure and present cyber cases from real work environments that could be integrated as learning and teaching studies in educational programs at different levels, mainly for the target group of non-technical learners and employees in VET. The collected and selected cyber cases bundled in the compendium provide a variety of different situations describing cyber-attacks, fraud, social engineering, etc. that have occurred in organizations or in real work environments. The illustration of the problems, their origin and possible causes has been enhanced with solutions and measures that companies have introduced and implemented to address the security breach, giving the target audience a better understanding of CS issues.
Output 2 - Design of cyber alert scenarios
In the second output, six realistic cyber-attack scenarios were developed.
The “Cyber Alertness” scenarios are based on collected cyber cases that reflect real-life situations and generate six different scenarios for “Cyber Alertness”. Standard and provocative situations, pitfalls, were combined into scenarios and expanded to include learning objectives. Scenario-based learning combined with the idea of escape rooms is effective for learning as they provide a realistic context and emotional engagement, which increases motivation and accelerates expertise. Especially in the field of cyber security, the reference to realistic situations can have a very positive effect and added value, as learners can better understand the situation and transfer it to the working environment. The partners adapted the training form appropriately to the target group of non-technical employees/vocational students by emphasizing experiential learning.
Output 3 - Virtual learning environment
Output 3 “Virtual Training Escape Room” focused on the creation of a concrete virtual training using the “Escape Room” model as a learning approach in CS. The virtual training O3 contains various realistic scenarios (O2) that promote knowledge absorption, transfer to the real working environment and performance improvement. The partners adapted the training form appropriately to the target group of non-technical employees/vocational students by emphasizing experiential learning. This approach gives learners an active, self-directed and self-determined role - not a passive listening and absorbing of information, but an active process of making decisions, weighing options and understanding and observing the consequences.
The virtual training exposed the learners to specific situations that they might encounter in real working life, in line with the scenarios designed. By acting and reacting to different situations, the participants were able to gain experience and skills through the experimental learning design.
You can find more information about the results here: www.eyesoncs.eu/results
“Cyber security ensures that our companies can continue to compete successfully on a global scale. The new international research project at the FHM Campus Düren will deliver important results that can be implemented in practice. In particular, we are looking for approaches in the project that will make cyber security training for companies even more effective with completely new methods, such as the use of virtual escape rooms.”
Prof. Dr. Manfred Leisenberg, Head of the Examination Board Information Systems