Becoming a Cybersecurity Hero: Hackers in Disguise with VIVE
Giant Lazer and Sun Capital’s VR Training Simulation Transforms Employees into Cybersecurity Heroes
Training/Simulation | Case Study
4 minutes read
Becoming a Cybersecurity Hero: Hackers in Disguise with VIVE
: Giant Lazer and Sun Capital
Website: Giant Lazer - Creating innovative applications
Location : Poland
In a world where data breaches and malware attacks lurk around every digital corner, it's time for an unlikely hero to rise. Picture this: a regular employee, armed with a VR headset, transforms into a formidable hacker, ready to defend their company from the nefarious forces of cyberspace. Welcome to the captivating collaboration between IT gurus, Sun Capital, and the virtual reality (VR) maestros, Giant Lazer.
Giant Lazer, in collaboration with IT company Sun Capital, has devised a cutting-edge solution to address the pressing issue of cybersecurity awareness among employees. By harnessing the power of virtual reality (VR), they have developed a training simulation that puts trainees in the shoes of a hacker. This immersive experience allows them to gain insights into the methods hackers employ to breach sensitive data, equipping them with the knowledge and best practices to safeguard their companies and themselves from potential threats.
Giant Lazer Co-CEO Mateusz Tokarski explained Giant Lazer's goals: "Giant Lazer is a VR app developer who creates immersive solutions and changes the face of education, industry, and business. From design, through 3D modeling, to programming. Giant Lazer is pushing the boundaries of virtual reality applications - it provides innovative training programs for employees and students, simulators, and process visualizations using new technologies."
Unleashing the Unlikely Hero
The training simulation, aptly named dubbed the "Company (Un)Hacked VR Training," takes the form of a VR video game, striking a balance between familiarity and immersion. As if stepping into a Hollywood blockbuster, employees slip into the skin of a hacker extraordinaire, answering the call of a shadowy, faceless employer. Their mission: infiltrate the impenetrable fortress of sensitive data held by big banks and corporate giants. The trainee is presented with tasks to accomplish by a shadowy, faceless employer. These tasks are part of an effort to break into the private data held by a company, such as a large bank. The trainee then makes use of various tools and methods to access company data. This includes collecting information on targets within the company using social media and utilizing social engineering to gain passwords, as well as the use of malware and phishing, to gain unathorised access.
Cybersecurity can be a bewildering realm for many employees. The jargon alone—malware, phishing, CxO fraud, and social engineering—sounds like a secret language spoken only by digital wizards. Alas, the risks are all too real. According to Legaljobs.io, over 2000 cyberattacks rain down upon unsuspecting companies daily. The financial toll? IBM estimates that the average data breach costs a staggering $4 million.
The Art of Deception
Users of the training simulation can learn about Social Engineering, where hackers use techniques to persuade a target into revealing sensitive information, such as usernames and passwords. A hacker can use email, telephone, or even a direct in-person meeting to talk someone into handing over information they can then use in a cyberattack. By taking part in the Company (Un)Hacked training scenario, trainees can learn how these techniques are utilized and thus recognize when they are being targeted in the real world.
Trainees can see how common hacking tools and methods such as malware and phishing are deployed and used, such as an apparently innocuous link in an email that might promise pictures of cute cats or a 'free' USB memory stick that could contain a dangerous form of malware. Even drones can be used as part of cybersecurity attacks.
Malware itself comes in many forms and has many functions, from stealing data to logging passwords or taking over your PC to spread itself further or even becoming part of a 'botnet' of hacked PCs. These different forms can be explored and used within the training scenario so that trainees have a better grasp of what to look out for and how to act if they receive a suspicious email or private message.
Social Engineering Exposed
Tokarski feels strongly on the subject of cybersecurity training, and said, "The most important outcome of our training is employee awareness of the danger that hackers cause and the significance of human error. The Company (Un)Hacked app increases the caution of employees, who will think twice before clicking on a suspicious link."
The fully immersive application has a number of advantages in terms of trainee engagement and retention. Framing the training as a video game means that employees become more invested in the training, and will therefore retain more information. In contrast to traditional means of training, such as presentations where employees may lose concentration or fail to absorb some vital points, within the VR environment, the trainee can focus their full attention on the task at hand, free from external distractions. According to Lenovo, the retention rate for information presented in VR is 75%, compared to just 10% when information is merely read out loud.
"By using virtual reality, students stimulate their muscle memory and learn through first-person experiences. This is the key to practical problem-solving training," explained Mateusz Tokarski.
Another positive aspect is that engaging with Company (Un)Hacked training doesn’t require the use of a large meeting space or training room, nor do trainees need to wait for specific training or exam days. Trainees simply need to put on a VR headset to enter into the scenario and commence learning. For international users, there are currently three language options available: English, German, and Polish.
Tracking Progress and Certifying Mastery
Company (Un)Hacked is part of the wider LAB XR Software suite, which allows employers and training staff to see the progress made by each employee as they interact with the training scenario. This enables the necessary documentation and certificates to be easily generated once the employee has met the requisite milestones.
As Mateusz Tokarski puts it: 'Take care of your employees' knowledge and allow them to fully understand what cybersecurity is all about in an easy and pleasant way. An aware employee means a lower risk of severe losses,'" highlighted the importance of empowering employees with cybersecurity knowledge.
The comprehensive knowledge base contained within the software summarizes each lesson in VR and even offers specific tips on best practices that can be implemented during daily work life. This helps provide better outcomes for the employee and the company.
Safeguarding Data, One Employee at a Time
Even for companies and organizations that do not currently have any available VR hardware, Giant Lazer offers assistance in choosing the correct equipment for the specific use-case, whether that is the PC-based HTC Vive Pro 2 or the standalone Vive Focus 3. Giant Lazer also offers to implement the Company (Un)Hacked software within a business or organization and provides instruction on its effective use and integration with LAB XR. Demonstrations of the training software in use can be offered to those interested, with ongoing support for any questions or problems that may arise in the future.
By delving into the world of hackers and familiarizing themselves with their tools and methods, employees gain invaluable knowledge on how to safeguard data—both personal and company-related. A well-informed employee contributes to a safer company.