2021, Löffler, Emanuel, Schneider, Bettina, Asprion, Petra, Zanwar, Trupti

An increasing number of small and medium-sized enterprises (SMEs) use the Internet to support and grow businesses. The application of new technologies comes with inherent risks of ever-changing cyberspace and increasing cybercrime. Previous research has shown that the human factor remains the core element in the cybersecurity chain, so it is paramount to make sure the employees receive effective training to embrace a security mindset. This study puts forward previous research that resulted in a portable escape room game to raise cybersecurity awareness. The purpose of the study is to elaborate the transformation of the physical game into a virtual learning experience to increase flexibility in times such as the Covid-19 lockdown. As main method, we applied the design science framework of Hevner et al. As main result, the research elaborates the design of the developed artifact—a virtual prototype of the escape room game addressing the cybersecurity challenges of SMEs. For the evaluation of the prototype, empirical data was collected in a qualitative study. As main conclusions we have observed that a physical escape room setting can be transformed into a virtual setting with little means without sacrificing player immersion. A limitation was identified in teaching targeted social engineering attacks.

2020, Schneider, Bettina, Zanwar, Trupti

With the evolution of information technology, more and more small and medium-sized enterprises (SMEs) are using technology to support and grow businesses. With the prevalence of the internet, SMEs are constantly evaluating and adapting new technologies such as software as a service, cloud computing, or the internet of things. All these new opportunities are coming with inherent risks of everchanging cyberspace and overgrowing cybercrime. SMEs are soft targets for cybercriminals and the need for controls is evidenced by accumulating fraud incidents, identity thefts, denial of service attacks and illicit accesses or breaches of data over the last few years. This limits the ability of SMEs to innovate and gain business advantage. Previous research has shown that the human factor remains the weakest link in the cybersecurity chain, so it is paramount to make sure the employees receive effective training to embrace a security mindset. This study focuses on developing a prototype of a portable escape room to raise cybersecurity awareness in SMEs. Evaluation highlights that the escape room method is a worthy instrument.