Kaspersky has made a power station scenario available to play in virtual reality (VR), in its strategic business simulation game. Thanks to this technology, a company’s decision makers and senior managers can “work” as information security specialists. It lets them learn from first-hand experience how cybersecurity-related decisions affect the business and show the connection between cybersecurity and a company’s efficiency.
As different lines of business have different KPIs and priorities, it can be hard for them to understand the specific requirements and role of other business units. This may lead to delays in approvals or arbitrary budget cuts. For example, according to a Kaspersky survey of more than 330 industrial companies across the globe, bureaucratic issues, such as a lengthy approval process (31%) and having too many decision-makers (23%), are among the most common barriers to introducing information security projects.
To convey the potential implications of cybersecurity to business executives and help them better understand this topic, Kaspersky offers a dedicated business simulation game for them. And with translation to VR, one of the most promising technologies in corporate education, the power station scenario of the game becomes even more illustrative, as top managers are now completely immersed in the information security department’s work.
All game participants are divided into several opposing teams who will play the game in parallel. They are now employees of different information security departments at power plants. With the help of VR glasses, players are “relocated” to the control center, where they can see their team members (in the form of graphic avatars) and a model of the plant. From windows, they can see plant facilities and a city that the company provides with electricity.
Their task is to create and execute an information security strategy that keeps the power plant working and generating revenue, and respond to cybersecurity events happening in the game. To do this, players need to choose a card with pro-active and re-active measures – for example, to conduct a security audit, purchase endpoint protection solutions or release a public statement in case something goes wrong.
Every reaction made by the teams affects the company budget and security posture as well as changes the plot of the game. After each turn, a game trainer shows the results for each team. The side that gets the higher revenue at the end of the game wins. If the strategy was insufficient, the players will see it with their own eyes – for example, by exploiting vulnerabilities in a company’s IT infrastructure, attackers can damage equipment, causing a blackout, or spoil purification filters, so the air is poisoned.
As a result, business executives will better understand what outcomes cybersecurity initiatives, or lack of them, have on their business and consider cybersecurity budgets as strategical investment.
“After lockdown, we moved our Kaspersky Interactive Protection Simulation into an online format. And although this was quite successful, we realized that participants lacked the physical attributes of the game – for example, they missed seeing their team members or the physical game’s paper cards. VR provides this and more – now they can not only hear when there is an explosion at the plant, but they can go to the window and see it. Such an immersive experience increases the effectiveness of training,” – comments Denis Barinov, Head of Kaspersky Academy.