April 2015 sees the release of a project that has been a year in the making for us. Something that we had affectionately been calling “Choose Your Own Adventure” for most of its lifetime as we laid it out, put some meat on the bones and finally stitched it all together (no we weren’t making Frankenstein’s monster).
The project came initially from a conversation in the car on the way home from the office. We were discussing the challenges of changing the “security mind-set;” the difficulty in moving someone who believes that their “method” is successful mostly because they never see any evidence to the contrary.” How do you overcome that greatest friction of all, “it will never happen to me?”
We decided that the only effective way was to build something that gave each user full control, something that allowed you to make all the decisions about securing your organisation, just as you may do in your daily life, and to find out if you are up to the job of thwarting a targeted attack. But how to create such a thing?
Then, inspiration from a misspent youth dawned. As a young teen, I often whiled away the hours thumbing through books with titles like “The Warlock of Firetop Mountain.” Fighting Fantasy books, where at the end of every paragraph or two, I would have to make a decision and turn to the requisite page number to continue my adventure. Every outcome was based on my own decisions and I could measure my alter ego against dragon and warlock alike. Each read-through was a new adventure, many ended in failure but I learned important life-lessons and can say with certainty that I have yet to be bested by a goblin (IRL) and I put that success down to thorough training.
With Targeted Attack: The Game we want to offer you a similar opportunity, but grounded in a world that we hope is more familiar. You play the role of the CIO of a global corporation on the eve of releasing a mobile payment app that integrates biometric authentication (and of course Apple went and launched Apple Pay after we had already shot this). You will steer your organisation through the final days of the launch process, safeguarding intellectual property, and financial data and securing the corporate network against day-to-day threats.
The decisions are in your hands, the security of the company and success of its ground-breaking technology is on your shoulders, and relies on the best efforts of your team. Constrained by budgets you will have to spend wisely, planning for the unexpected, yet meeting the demands of the executive team.
We need to combat the complacency that sometimes prevails in our industry, the way that things have always been done may no longer be the *right* way to do things. Just because your incumbent security architecture tells you everything is rosy, it doesn’t mean you’re clean, as many corporations are already discovering to their cost.
We hope you enjoy this opportunity to combat a simulated attack, at an executive level, rather than having to suffer the consequences of falling victim to one (IRL).
Click to play the game here.
Please add your thoughts in the comments below or follow me on Twitter; @rik_ferguson.