Gamified training courses for non-IT expert stakeholders of local public transport companies

Among the most ambitious goals of the CitySCAPE project, there is undoubtedly the planning, implementation, and delivery of training sessions for non-IT experts in the multimodal transport domain.

With the precious contribution of AMT Genova and Gruppo Sigla, Kaspersky has identified the non-IT expert trainees from both inside and outside the company managing the local public transport in Genoa, involving employees and passengers. Kaspersky has developed training contents tailored for these end-users, with a special focus on zero-days attacks, as for example malwares exploiting for the first time a vulnerability in a browser or in an application.

Two new maps dedicated to the employees of the multimodal transport domain are now available in the Kaspersky CyberSafety Management Games (short name CSMG). The first CSMG map is intended for employees of the administrative area of a local public transport company. The topic list includes how to handle confidential information, email and pc security, GDPR, and more. It is set in an open space where the employees of the administrative area of ​​the transport company work, with 12 zones where cyber threats can lurk. The students can measure their skills by identifying hidden threats. A trainer leads the session, providing detailed explanations for the threats the study group will be less competent about.

The second map is for employees of the operational area, as the workforce employed in garages, the customer-care, drivers and controllers, with the target to find the cyber threats affecting mobile devices and PCs in a terminal station with garage.

The training structure is the same for both maps. During the first twenty minutes, the trainer setup the session, explaining the game rules and the main misconceptions on the cybersecurity posture of non- IT experts. Then, the gamified assessment takes place: the trainees go through the map trying to understand if the zone hides a cyber-threat or if it is safe, placing green chips on risk-free zones and red chips on zones at risk. This allow the trainer to identify the students’ gaps.

During the following thirty minutes, the trainer goes through the zones, explaining the mistakes and suggesting the solutions, using exercises and facilitating the discussion between students. The session ends with a ten-minute wrap up, when the trainer and the students come out with an action plan to be implemented after the training, with at least three action points per student, to facilitate their behavioral switch in relation to the cybersecurity and data privacy.

In September 2022, two trainers from Gruppo Sigla certified by Kaspersky conducted several training sessions based on these two new CSMG maps for hundreds of AMT Genova employees, who were enthusiastic and interested during the training, which they found useful and effective.

In the coming months, our focus will shift to the passengers of Genoa’s local public transport. Our idea is to ​​launch awareness campaigns on topics such as malware, phishing, GDPR and personal data management, exploiting the potential of a new version of CSMG accessible from a mobile device, which will allow passengers to measure their skills on these issues during waiting times at the station or while traveling from home to work.

Often a click from an unsuspecting user is enough to break through hardware and software defences. Through the CitySCAPE training tools and training campaigns, our goal is to raise the awareness among employees and users of local public transport on cyber-security and privacy topics. We want to make sure that everyone feels part of the defence strategy against any cyber-attacks, to preserve the services and the reputation of the local public transport.