Published on the 26/07/2016 | Written by Beverley Head
Four out of five CEOs rank cyberattacks as one of the top three business threats – but few have first-hand experience of what it really means to be under attack…
PricewaterhouseCoopers has this year quietly introduced to its clients in Australia and New Zealand an online game that allows senior executives and board directors to actually experience what a cyberattack involves, and learn what’s needed to recover. Called Game of Threats, the gamified learning programme divides participants into two teams – one team gets to play the black hats, and the other team is the company under attack attempting to protect itself.
The security threat facing ANZ organisations is mounting. PwC’s 2016 global information security survey revealed that the number of incidents detected by Australian organisations had risen 109 percent.
The most recent report from the Australian Cyber Security Centre (ACSC) revealed that in 2014-15, CERT Australia responded to 11,733 incidents.
According to Richard Bergman, PwC partner in the cyber and forensics business, while the concern about cyberattack had “skyrocketed” and boards know that they need to manage the risk “they don’t really understand it.”
Game of Threats is intended to simulate what can happen in an attack to promote greater understanding both of organisational vulnerabilities and avenues of response.
Attack teams can choose whether to assume the mantle of a state sponsored group, organised crime gang, and insider or a hacktivist and then play compromise or breach cards which trigger responses including synthesised social network responses to give the company team a sense of what a real breach might feel like.
The company team can choose to invest in infrastructure or people, to prepare, respond and remediate a situation.
Points are awarded – and if the score is -100 the bad guys are judged the winner, if the score is +100 then the white hats win. “The bad guys usually win first, then they learn what do to and it swings to the company’s favour – pretty much like real life,” said Bergman.
The solution was developed by PwC’s innovation team in Washington DC, and tailored for large enterprises, which may put as many as 100 of their senior executives. Bergman said however that the game can be adapted locally to make it more real for the company sector and geography an organisation operates in. Bergman said that medium enterprises meanwhile could opt for a more affordable untailored version of the game, which takes about two hours to complete.
