Security awareness training in a corporate setting
The 2018 Verizon Data Breach Investigation report indicates that over 90% of common breaches start with a social engineering attack. While organizations are adding security awareness training programs, it is clear these programs are not working. Diverse workforces call for a variety of training options, and different ways to engage users. Programs must ensure users know how they will be contacted by IT staff, and what to do in different scenarios. Users may need to learn the fundamentals of computers and the Internet in order to understand and retain security awareness training. In this work, we propose an interactive security education training aimed at students and industry professionals. In order to reduce barriers to learning we implement our security training in the form of a recent and familiar entertainment form called an "escape room".