Interactive Security Awareness Training Platforms developed to raise security awareness against cyber threats targeting small/medium-scale organisations across Wales.

Impact: Social impacts

Description of impact

Cyber security is now a major risk for businesses and individuals. Welsh Government have funded two collaborative projects with USW Computing & Maths Department and Tarian (Regional Organised Crime Unit) through their cyber resilience fund to raise awareness for small/medium enterprises (SMEs) in Wales. £45,000 has been awarded to create a phishing awareness and training platform, and a cyber resilience simulation game to enable SMEs to upskill their staff with minimal costs and disruption.
Phishing is the number one cause of cybersecurity breaches. It is linked to 90% of security breaches and incidents over the last twelve months. Typically, a Phishing simulation and exercise platform can cost several thousands of pounds, and many small/medium scale business are simply unable to cover these costs. The idea behind developing a similar and effective free alternative, that not only identifies those employees at risk of clicking phishing emails, but also offering an industry standard interactive training package (with English/Welsh narration) to enhance their awareness of Phishing attacks and protect against them. The product is branded with the title “Not2Phish”. The solution offers an online phishing awareness training with quizzes and reporting tailored to specific organisations, as well as a simulation feature with real world-based scenarios. Other regional organised crime units and the National Cyber Security Center (NCSC) have already shown interest in the Not2Phish product for adapting the product for their security awareness programs. Cyber Skills awareness, on the other hand, acts as a prophylactic, both as a means of safe guarding against potential attacks, and setting the correct context for the consideration of risk. Learning from mistakes is effective, but ultimately costly in the real world. 
The C.H.O.I.C.E.S. simulation game – loosely based upon an existing physical board game, using Lego pieces, developed at the University of Bristol – enables SMEs and other businesses to run several simulated companies through four years of operation, encountering key decision making events in attempting to protect their company from the potential of cyber attack. Several scenarios (different company types) exhibit different realms of risk: from a small office up to running a power plant. This game is both available as a standalone web-based game, and a Tarian officer run interactive experience.The game has been trialed with local SMEs to great effect, and a Welsh language version is soon to be available. It has been contrasted with other simulations and games that address the same area of awareness and has been favourably compared, as it allows for business decision making, which better reflects the real world risk versus cost consideration that real companies face.
TARIAN won the National Cyber Policing Business Protection Award 2019 for their work with local businesses on cyber-crime prevention/detection, and both of these platforms have included in their offering. 
Both products support the UK NATIONAL CYBER SECURITY STRATEGY as they focus on small and medium businesses in effectively managing their cyber risk. Further, they also promote the use of Cyber Essentials as government accreditation for small and medium scale businesses.

How did your research contribute?

Both projects will helpful to identify the security weakness in the human element of using Cyber space. And they will help to develop and provide effective measures(security awareness solutions) against those weaknesses.

Who is affected?

Small and Medium Scale business and general public in Wales – beneficiaries
Impact date1 Apr 201931 Mar 2022
Category of impactSocial impacts
Impact levelIn progress