Imagine having to read pages after pages or long instructional notes, with complex wordings and abstract content, on the Dos and Don’ts to avoid being cyber duped or attacked. Just understanding the basics of a concept as heavy sounding as ‘Cyber Security’ or ‘data privacy’, may not be much of a challenge for people oriented towards technology, but for non-technical minds it could feel akin to entering a black hole. Worse still, imagine retaining all that information! Even for technically sound minds, spending their time on mundane details could be quite off-putting.

Now imagine a humorous interactive video, or a game, taking you through the concept and all its aspects. Imagine a cyber security toilet where you can play games on the topic while doing your business and create security settings with a click. Might sound a little gross, but familiar, no? Fun perhaps?

Well, a group of students at Germany-based Hasso Plattner Institute Design School (HPI-D) thought it was.

“If you think a bit more about it, the toilet is also a sacred place. You don't want to be breached in there, because it is a private space, right? Same with the computer,” explains Ferdinand Wagner amid peals of laughter and giggles from fellow teammates from HPI-D.

This team of young students at HPI-D have been working on a module to help the employees of German energy solutions and supply company, Uniper, understand the concept and aspects of cyber security. Awareness and vigilance on cyber-attack threats in day-to-day situations, in tasks as simple as checking emails or web browsing, or using public Wi-Fi network, is the core goal of the team.

“Awareness,” as Canadian author and spiritual teacher Eckhart Tolle puts it, “is the greatest agent for change”.

According to a study by American cyber security solutions company, Check Point Software Technologies, all organizations are vulnerable to cyber threats. It noted that cyber-attacks increased 28% in Q3 of 2022 when compared to same period in 2021. This translates into a weekly average of over 1,130 attacks per organization globally.

The cost of such attacks to organizations too is unsettling. The World Economic Forum (WEF) estimated that data breaches cost an organization an average of $ 3.6 million per incident. It found that companies need around 280 days to identify and respond to cyber-attacks.

Not just organisations, but individuals too are exposed to such attacks given the omnipresence of technology and interconnectivity in our lives.

No wonder then Uniper’s Director of Data Management Dr. Christoph Waidacher calls cyber security one of the most important topics of our times. Yet, it is a topic not many people take very seriously.

For Uniper, the sheer scale and nature of operations makes the topic even more relevant and crucial.

“We are a multinational energy company, and that means we combine the business models of running assets of different types… of course, that brings quite a lot of challenges regarding information security,” said Dr. Waidacher.

“We are actually providing infrastructure services that are of critical nature for, for society… So, we have the responsibility to make sure that this infrastructure is available, it's running and it's performing as it should...” he says, adding – “Again, this is a data heavy, high paced, fast activity, in which we need to make sure that we keep the company safe for its operation.”

Dr. Waidacher sees cybersecurity critical to running Uniper’s operations and the respecting the data of its vast user base. With this criticality in mind, Uniper partnered with Infosys and HPI-D to train its employees on identifying and thwarting such attacks.

At the very start, the students at the design school were introduced to the project and Uniper’s goal. Several interactions, with Uniper employees across verticals, helped them get an in-depth view of the company. Students were also able to learn about the work culture, where the company stands in terms of information security, and the view of colleagues on the subject. Some Uniper employees attended design workshops to understand the whole construct and approach.

Uniper’s Philipp Ludwig recalls how students had exciting methods to get the team away from the main line of thinking and exploring all the opportunities at hand.

“At first, we were steering into different directions and looking at a lot of options. And then we were steering towards one solution that we would pick out of a few possible ideas,” he said. “It was basically switch between design sessions, design workshops, and then interviews to test our progress, how it how it works with our colleagues”.

Through several of these workshops and interactions, students were able to form their ideas on how to approach the problem from the design thinking perspective.

The cyber toilet project was one of the 18 ideas that students of HPI-D had tossed in the ideation stage.

“Design thinking is a user-centric approach, we think about the user. What does a normal employee of a company do during the workplace? I mean, obviously, if they have free time, or if they have the need to have to go to the toilet, right? So, we thought maybe, this is a nice approach, to bring cybersecurity training a little bit more into their life,” said Wagner.

The cyber toilet idea, sadly, didn’t hold steam, but they came up with an equally creative application.

Not a boring solution

Using the powers of humour and sarcasm, the students designed the application -- Cyber Tiger and Sly Fox.

Rashmi Kashyap, a cybersecurity expert at Infosys said, the app is meant to be on every employee’s laptop. It comprises training, fun codes or ideas around the topic of cybersecurity, yet “it is not an app that is monitoring you”. It is basically a security assistance that is not involved or annoying.

She adds the app will also help as a refresher course which the user can go to from time to time, as periodic interventions are important for the purpose to be served. Yet, “it should not feel like an imposition, it should not feel like a punishment, it should be something that the person should want to know”.

Dr. Waidacher reckons that although the idea of the cyber toilet was rejected, it created and openness to something that is a really engaging way of making people aware of what is being talked about.

“At the end, I think humour is a major element of creating that space for, for innovation. And that's what we what we saw there,” he said, adding that is also the best way to learn about a topic. So, although is paradoxical that a topic as overwhelming as cyber security should be simplified using humour, that is perhaps the best way to help employees understand it better.

Gamification in cyber security awareness training has been touted as one of the most effective ways of communicating to employees and ensuring retention of information. It could be adventure games, puzzles, simulations games, or visual novel format that present real life scenarios for the trainee to relate to.

“To make it more fun, I think gamification is very important. Coming up with the more playful approach, which helps people to think of it as: ‘Oh, there is a nice little helper, there is a kind of system, which you just have to set up and start and then it alerts me, it gives me some hints to deduce things in a different way’. I think that is an interesting outcome,” said Prof. Uli Weinberg, Director School of Design Thinking at HPI-D.

As for the students, the final solution is reflective of the fun and learning they had during the exercise. In unison, they agree, that the very idea of solving a problem is an exciting place to be in.

Interestingly, some students were not fully aware of the importance and concept of cyber security. Not surprising, because many are from varied educational backgrounds and interests. Therefore, the thrust to make the topic interesting was bigger.

“When I learn something new and it can be really boring how can I make it interesting for others?” pondered one.

Lisa Mindthoff recalls approaching the task with an open mind and discovering something new every day.

“It's just fun, and really exciting to explore the golden nuggets that are under the surface, and that you don't know anything about… and to also follow your intuition and your gut feeling. And not be super goal-orientated to have a goal in mind… I think in the process of design thinking in our project, it's to be open for everything that comes along the way. At the right or left side, or even behind sometimes,” she said.

A collaborative approach to solutions

Innovative thinking, out-of-the box solutions, and a collaborative approach to designing a solution form the core of HPI’s education programme. The students are encouraged to think in a non-linear way.

The diverse geographical and educational background the students come from, makes HPI a melting pot of different experiences, fresh perspectives, and approaches.

“It's very important to have diversity, and to not have just the experts in security, in IT security. It is important to have, maybe, a lawyer looking at the same thing, a designer, maybe a mechanical engineer, maybe an architect, and we have this kind of diversity and diversity is key,” said Prof. Weinberg.

“The world we're living in right now, I think all new ideas, most of the important ideas are not just coming out of one discipline, out of one silo, it's the combination, it's the connectivity between the different areas. And that is the key thing here”.

He also stresses on the importance of cultural diversity because it helps in tackling the same challenge in different cultural contexts.

Diversity plays a significant part in a team or the collaborative approach that the school is trying to promote as opposed to an individual, competitive approach.

For long, our educational systems have stressed on grades and individual performance for progress. Prof. Weinberg says this approach is no more relevant in the 21st, highly connected century. Not more, when it comes to design thinking and problem solving.

“I like this blank page. And when you combine people as books and pages, you make a beautiful canvas and painting this is wonderful,” said Felix Schmalenbach, another HPI-D student. “You're not a blank page, you're like, third or third page and you can bring it to the table and other people can share. Like, you can share it with other people and people learn from your experience.”

In fact, this project itself is a shining example of the wonder collaborations can do.

“I see the fertile intersection of collaboration between companies like Infosys, Uniper, and the HPI-D school,” said Dr. Waidacher. “You have a company like Infosys with all your technology and implementation experience. You have the HPI-D School, which is really a leading institution in terms of design thinking, and then you have Uniper as one of the leading energy companies with our specific knowhow and the specific questions that we want to get solved”.

“I think this is a fantastic mix, and it's setting us up for success”.