You have probably seen the push I am doing for Threat Matrix the game on Kickstarter and on this web site. On the web site it is there to stay, on Kickstarter it is only 18 days to go, and yes I would like you to pledge some money.
Why the big push? Well Threat matrix is a training aid. Stupid way to put it, but we use it to train owners, management and C level Execs that cybercrime can and will impact any business, organisation or department. A 30 minute session playing the game, has a profound impact on most management teams.
Just to put it bluntly – No business is too small, every business is a target and everyone has something worth stealing. But, everyone seems to think the opposite. The stats and internet show it every day. I do a daily scoop of news on the Internet and I will always fill 12 spots on my social media day with blogs and news articles that talk about attacks, hacks, compromised businesses or protection (check it out on Twitter – @smesecurity) in anything digital.
Cybercrime is here to stay, at least for a while, I have a saying “if it is created by a human then there will always be mistakes”. When it comes to technology, these mistakes, targeted by criminals, can have a devastating effect on your ability to make money and employ people.
Enter Threat Matrix, a training aid that helps the right people, the people who make the decisions, the people with access to the money, and the people who think that it could not happen to them, understand cybercrime and what to do about it.
Is it fun or is it cool?
Of course it is! The game is designed to be fun, a little tongue in cheek, but fun. It is fast, each game taking no more than 15 minutes. It is interesting – you learn quickly that you do not know everything that you need to know. It is also a lot of fun.
Is it frustrating? You bet it is. It is frustrating on two levels. Just like real life, the attacker has all of the advantage, all of the resources and all of the knowhow. The defender is hampered, once again like real life, by a lack of funds, by old thinking and more importantly by not really understanding what is involved in protecting the organisation.
When you lose, and most people lose within 6 turns, you get the chance to confront your attacker. Something that a real attack lacks. More importantly in most cases you don’t lose your shirt. The final wash up helps the defending player put more emphasis on information security. There are a lot of inexpensive tactics and strategies that will improve your security. The game explains some of them.
The second and third time you use the training aide you may still lose, but the defending player understands the requirements better, they make different decisions and more importantly have a better understanding of how to defeat the bad guys.
Do the mechanics work
We have been using Threat Matrix as a “training aide” for about 12 months, in its latest iteration about 3 months and have had a lot of fun with it.
The most important components of Threat Matrix is:
- The defending team has limited resources so they have to be deployed the right systems and equipment correctly and think through what they are protecting.
- The attacking team can use a variety of attack methods, which when combined have a bigger impact on the game (zombie armies and botnets)
- There are unknown elements that both help and hinder both sides.
Does it teach you anything
Threat matrix is a very helpful game that teaches the defender that everything that they knew about cybercrime is either wrong or under stated. Cybercrime is a clear and present danger to all Organisations that have a digital presence that includes about 99% of all business people.