October marks Cybersecurity Awareness Month, a perfect reminder that while technology evolves, the greatest threat to organizations often comes down to the human element.
Why Social Engineering Works
Social engineering, often referred to as “human hacking,” is a form of cyberattack that exploits human vulnerabilities rather than technological flaws. Malicious actors, from cybercriminals to disinformation campaigners, exploit aspects of human psychology causing individuals to compromise their own beliefs, security, and organizational data.
Using phishing emails, voice calls, social media, WhatsApp, Telegram or even SMS scams all rely on tricking us either through our human tendency to trust what looks familiar, by triggering an emotion such as fear or urgency or the fact that we are distracted and multi-tasking. Even the best trained of us can fail if our attention is diverted or we are caught with the relevant trigger.
This is why, while technical security measures are important, human behavior remains an important component in organisational cybersecurity defence.
Meet the Cyberpunks
In KnowBe4’s 2025 Cybersecurity Awareness Month kit, these tactics are brought to life through a cast of arcade-style villain cards that personify common cyber threats to make abstract threats a bit more tangible and memorable.
The Cyberpunks are classic cyber scammers, trying to fool your team into clicking malicious links or downloading dangerous attachments. They represent the social engineering tactics that catch so many organizations off guard. The Cyberpunks are one of four themed “Arcade Villains” featured in this year’s kit, which also includesDr. Deepfake, Enkryptor and the Doppelgänger.
What makes them effective as teaching tools isn’t their retro 80s flair, but by personifying threats, they turn something abstract (“be careful of social engineering”) into something tangible your employees can recognize and talk about. Instead of warning about “phishing emails using deceptive urgency cues,” your team can say: “Don’t let the Cyberpunks pressurize you.”
That shift creates a shared language around risk, making it easier for employees to spot, report, and resist real-world attacks.
Why Gamification Helps Us Fight Back
Let’s face it, cybersecurity can feel pretty boring to many employees. Traditional awareness campaigns often rely on fear-based messaging or dense technical content that fails to connect with diverse audiences. But here’s what we know from behavioral psychology: when we make learning fun and interactive, people don’t just pay attention, they retain information better and may actually change their behaviors.
That’s exactly what KnowBe4’s 2025 Cybersecurity Awareness Month kit aims to accomplish. By incorporating arcade-style elements and gamification principles, this kit transforms cybersecurity education from a compliance checkbox into a more engaging experience.
The Arcade Villain cards, along with training modules, posters and infographics, encourage teams to talk, laugh and most importantly, learn together. Every conversation that starts with “watch out for Dr. Deepfake” or “don’t let the Cyberpunks win” strengthens your organization’s resilience.
The interactive elements ensures that instead of passive consumption of security tips, your team actively engages with the content, discusses the villain characters, and participates in the gamified experience. The more we talk about things, the more we learn and adopt new behaviours.
Next Steps
Social engineering isn’t going away, it’s only getting better and AI-empowered. But with the right awareness and a culture of shared vigilance, employees can become your strongest line of defense.
