Ready to play the Game of Threats? New virtual game tests the cybersecurity skills of senior executives

Game of Threats

November 11, 2014

by Laurie Schive, Emily Stapf, Craig Stronberg.

A bead of sweat rolls down the CEO’s forehead as her screen flashes red. An alert warns her that IT sensors have detected the launch of a cyber attack against her company by an organized crime group. Working alone or with her team, the executive quickly strategizes, decides how to block the attackers, and braces for the next hit. The CEO’s mind begins to race. Will the security systems the company implemented keep the criminals at bay? She watches with her executive team as they repeatedly try to penetrate the company’s cyber defenses. Each attack appears denied. In a last-ditch effort, the criminals attempt to launch ransomware against the company. The chief executive and her team quickly reverse-engineer the malware and defeat the adversaries. The CEO exhales and collapses into her chair. “Wow. That felt real,” she thinks to herself.

The executive was playing PwC’s new virtual cybersecurity challenge, Game of Threats,™ and real is exactly how David Burg, PwC’s Global and US Cybersecurity Leader, wanted the experience to feel. Designed by PwC, the interactive game simulates a cyber breach so clients can experience what it’s like to respond to a cyber attack as well as act as a hacker and other cyber adversaries. The end goal is for senior executives and Boards of Directors to test and strengthen their cyber-defense skills, and to learn in a different way how decisions and decision sequence make a difference, a difference that could very well be strategic to the company.

To inspire executives to invest in the outcomes, Game of Threats™ engages players with high-intensity action and taps into their natural desire to defend their systems and defeat threat actors that target their companies. Players are divided into teams of company and threat actor, with intense competition on both sides, as IDC financial services analyst, Jerry Silva, discovered after playing several rounds of the game.

“CEOs read the headlines and they think cybercrime won’t happen to them,” according to Burg. “Game of Threats helps them understand what can happen when the risk of a cyber attack changes from an ‘if,’ to a ‘when.’”

The game challenges players to make quick, high-impact decisions with minimal information. This high-pressure environment helps executives assess their readiness to respond to a breach and practice striking the right balance between taking action and ensuring that the necessary cybersecurity resources are available and properly used. Players also learn to manage the opposing forces of offense and defense over a sustained period of time. Equally important, they learn to think calmly and critically in the midst of chaotic and uncertain events. Playing the role of threat actor helps executives get inside the minds of adversaries, giving them a unique opportunity to see the situation from the criminal’s vantage point. Doing so can help them better understand how threat actors strategize, prioritize, and react to a company’s cybersecurity measures—and then form their own risk calculations.

These days, major cybersecurity breaches make headlines on a regular basis. As incidents multiply in frequency and cost, the cybersecurity programs of US enterprises must be strengthened to rival the persistence and technological prowess of sophisticated cyber adversaries. Game of Threats™ provides a virtual training ground in which executives can sharpen their cybersecurity skills and become battle ready as cyber-attacks intensify.

Wonder what it was like to design and build Game of Threats? Click here to read about the process and the lessons we learned.

Game of Threats™ is a cybersecurity solution that PwC is offering as a stand-alone service or as a solution packaged with other Forensics and Cybersecurity solutions such as crisis management services, tabletop exercises and incident response reviews.  If you’re interested in learning how you can bring PwC’s Game of Threats™ to your organization, contact Craig Stronberg at craig.d.stronberg@us.pwc.com.

Previous post:

Next post: