Sivarama Krishnan, Leader, Cyber Security, PwC India
New-age attacks are handcrafted, state-motivated and driven by innovation, to bypass the typical standards of cyber defence. But is this constant change considered adequately to influence an organisation’s decision? What would it take for an organisation to shoulder the responsibility of combatting attacks?
The organisation needs to understand that there is no silver bullet for neutralising a cyberattack, since a successful strike comprises multiple threat vectors. There is also a limit to the resources (people, processes and technology) that can be spared for preventing attacks; even the portfolio for an attacker is wide open and so are the complementary defence solutions. In a catastrophic situation, the response time for the organisation to think and react is even more reduced. All these factors adversely affect the revenue of the company and lead to a loss of customers. This is, indeed, a cyber maze that needs to be navigated.
Experience the cyber maze through gamification
PwC presents Cyber Warriors, asimulation of key decision-making parameters to realise the concept of cyber security by helping the players learn about core cyber defence solutions and exposing them to the arsenal of new-age cyber weapons.
Explore how your decisions impact revenue and customer confidence in real time, through gameplay, in the event of a cyberattack. Gamification reflects the use of game thinking, including game progress mechanics, player avatar control, rewards, penalties, collaborative problem-solving and competition, when in a non-game situation. This can be used to enhance security awareness, and the results are tightly connected to the real world.
Cyber Warriors: Key objectives
- Recognise the reputational, customer and financial impacts of cyber threats in a simulated environment
- Simulate effective use of company resources (costs incurred) to contain attacks, with around 2,000 scenarios that demonstrate the impact of attacks and effectiveness of potential defence solutions, thereby creating a situational awareness of cyber security
- Understand and build awareness of the right amount, priority and kind of investments in cyber security to protect company assets
- Assess how to anticipate and proactively manage risks to business objectives, and improve the company’s security posture
The business impact of a cyberattack is a pivotal decision-making attribute for board members, and in this context, Cyber Warriors becomes a tool for the board. The game runs in proactive and reactive modes of defence, combatting breach, compromise and attack. Based upon a real-time threat scenario, the defender is given an option to mitigate the attack and protect the organisation.
The two game roles are ‘attacker’ and ‘defender’. The defender makes effective use of firm resources (people, processes and technological solutions), while the attacker strikes, compromises and breaches security using the information and resources supplied to him. The game relates the impacts of an attack in terms of revenue, customer confidence, time elapsed, costs incurred, resources bought and symptoms of the attack, and also shows the effects of the solutions deployed by the organisation (defender) in the common zone, known as the War Zone. The side that makes the maximum impact as calculated based on these parameters is the winner.
With this objective, the gameplay takes the firm through many cyberattack simulations, so the organisation can choose the optimum solution for defence and realise the return on investments. A game recap provides detailed analysis of the attack vis-à-vis the solution map, cost details, revenue change map, customer confidence map and the return on investment.
Ashish Bhugra, Manager, Cyber Security, contributed to this article, with inputs from Aditya Jain, Consultant, Cyber Security and Sarvesh Jha, Sr. Analyst, Cyber Security. For more information on our Cyber Security services, write to email@example.com.