As a member of the Association of Certified Fraud Examiners, I had the opportunity to observe a demonstration of Game of Threats at the San Francisco office of PriceWaterhouse Coopers. Game of Threats is a turn-based cyber attack/intrusion simulation that is designed to prepare the C-suite and senior staff on how to make decisions during a cyber incident. Those decisions can depend on many factors that ultimately have implications on how the company moves ahead with its business.
In the scenario I witnessed, a nation state was pitted against a mid-sized defense company. Each team has its own resources in order to carry out or mitigate an attack. The nation state team resources included a compromise specialist, an attack specialist, and a breach specialist. The defense company’s team resources encompassed a PR firm, external counsel, an incident response firm, a chief information security officer, and a security operations center. Other tools that can be utilized in the simulation are anti-virus software, a spearphising monitoring system, an intrusion detection system, a firewall, and a data loss prevention system.
Game of Threats is a great exercise on how to formulate the right strategies and tactics while reacting to an active data breach. It is also a great way for officers and directors in a company to better understand how the incident management process takes place when a company is under attack.
Be sure to visit the PWC website to find more information on Game of Threats, here.
Kamal Hubbard is a lawyer by training who is certified in Fraud Examination, Cybersecurity, and Decentralized Finance.