Cybercriminals don’t just target systems – they target people. Nearly 70% of cyber incidents stem from preventable human mistakes, making an untrained workforce the weakest link in any organisation. Enter gamified learning: an approach to cybersecurity training that swaps out routine compliance checklists for story-driven challenges based on real-life scenarios. By tapping into how people learn and form lasting habits, it replaces passive “tick-the-box” training with active learning that sticks – building a human firewall ready to tackle ever-evolving cyber threats.
To help organisations move from reacting to threats to staying ahead of them, global cybersecurity leader ESET has launched its Cybersecurity Awareness Training – an online platform with features that have been designed to engage employees and transform how they think about protecting digital assets. More than just a game, this immersive training uses real cybersecurity challenges – blending incentives with hands-on gameplay to sharpen the critical skills needed to safeguard a workplace.
“With interactive learning programmes like ESET’s Cybersecurity Awareness Training, participants aren’t just going through the motions – they’re diving into a story,” explains Steve Flynn, Chief Commercial Officer at ESET Southern Africa. “As the training progresses, they step into the role of junior cybersecurity detectives, earning points by tackling mini-games and navigating cybercrime-themed scenarios they could encounter in real life. Along the way, rewards reinforce learning, boost retention, and build the practical skills needed to sidestep the everyday mistakes cybercriminals count on.”
Phishing attacks make up 52% of all cyber threats in South Africa, according to the latest bi-annual Threat Report from ESET. This year alone, one of the country’s largest broadcasters, SABC, fell victim to a business email compromise, with hackers infiltrating staff accounts and launching attacks loaded with convincing links and attachments. Phishing emails also brought the South African Weather Service to a standstill, crippling aviation and marine operations and taking communications and website systems offline. These breaches weren’t caused by weak firewalls or outdated software – they happened because staff were caught off guard. It’s a stark reminder that even the most advanced systems are only as secure as the people using them, placing employees firmly at the frontline of a company’s cybersecurity defence.
“Without a well-trained and engaged workforce, even the best systems can fail. Real behavioural change and a true shift towards a cyber-aware culture takes practice, and plenty of it,” says Flynn. “That’s where the ESET Cybersecurity Awareness Training phishing simulator steps in. By offering realistic tests with regularly updated templates, it sharpens an employee’s awareness and instincts – so that when a real phishing threat comes knocking, they’re not just prepared – they’re ready to strike back.”
Human error remains the constant in an ever-changing threat landscape, and as cyberattacks grow more sophisticated, the consequences of a single mistake are only getting more serious; “Historically, the challenge hasn’t been a lack of education, but a lack of engagement,” says Flynn. “Too often, cybersecurity is treated like a formality – leaving organisations exposed and employees checked out. Meanwhile, cybercriminals relentlessly exploit human error at every turn. That’s why shifting the focus from awareness to action is vital. One reused password or a careless click on a suspicious link can have devastating consequences.”
The best defence is prevention: shrinking the attack surface, cutting through complexity, and putting people at the centre of cybersecurity. By helping employees put knowledge into practice, this type of training is cracking the cybersecurity code and turning a long-standing vulnerability into an organisation’s most powerful line of defence. Learn more about the training features, capabilities, and management options here.
