salvos: A Game to Enhance Cyber Security Awareness in Sri Lankan Universities

Abstract

With the Covid-19 pandemic, the universities have completely changed their whole procedure of delivering lectures and doing other administrative and academic works. Various kinds of restrictions and lock-downs took this general education system to an e-education system. Adapting to electronic resources and internet-based teaching made it easy for distance learning. However, increasing network access and usage of other e-resources caused a significant increment in the risks for cyberattacks as well. Even though there are many controls and policies implemented in universities to mitigate these risks, the results from the survey carried among universities show they are not 100% secure. Not like other IT organizations, most of the system and e-resource users in universities are non-technical staff. Therefore, it is important to reduce user mistakes that expose vulnerabilities within the universities. To increase the awareness level of the staff, this study has introduced Salvos. Salvos is a mobile game that covers basic cyber security concepts in an educational environment. The Salvos addresses the main areas, Internet security, Malware protection, Email security, Password security and Physical security. This can be used to deliver security training to university staff in an entertaining way without being another boring instructor-led theory session. To achieve the proposed solution, 25 persons were selected from different universities and measured their awareness level using a pre-test survey. After training with the Salvos, it was evaluated using a post-test survey given to them. Further, security backgrounds in the universities were studied using a questionnaire shared among universities. In the game evaluation, analytical tests were done using R. However, a normality test was done for the pre-test and post-test results since the data set is smaller than 30. Then a paired t-test was carried out to find whether there is a significant increment in user awareness level after training with the Salvos. Among the 17 universities who responded to the survey, 100% have agreed that it is essential to provide security awareness training to academic and non-academic staff. Further, important areas identified to address in the Salvos were malware (100%), password management (88%), email threats (82%), internet security (59%) and physical security (47%). In the evaluation, paired t-test shows -68.6087 mean difference of the marks from the pre and post questionnaire. Moreover, the p-value of the test was 5.008e-15 which rejects the null hypothesis and conclude that the security awareness level of the participants has increased after the training through Salvos. This study presents the current user awareness level among different categories of the university staff and security backgrounds of the Sri Lankan universities. Study results provide evidence for the need for security training and final analysis proved that the training through Salvos can actually increase security awareness among university staff. Further, Salvos can use by staff with any background and it can easily customize for the user needs. The methods used, results collected and analysis made are further discussed in the rest of the chapters.