There’s no better way to learn something than by doing. With this in mind, Symantec created CyberWar Games, an innovative approach to understanding the cyber threats our customers face every day by giving employees the opportunity to walk in the shoes of the attacker. CyberWar Games allows employees to better understand an attacker’s motives, tactics, techniques, and goals from the hacker’s point of view. Similarly, when a pilot goes through the process to obtain a pilot’s license, they don’t just read a few books, hop into a cockpit and fly the next red eye off of the runway. Instead, they’re trained in classes and spend hours upon hours in simulations before even touching the controls of a real plane. In the same fashion that pilots are trained, we are training our employees to become stronger experts in cyber security.
Four years ago, Symantec’s Cyber Security Services, launched our first annual Cyber War Games, an internal event that provides Symantec employees the opportunity to better understand the challenges that present themselves within the cyber security landscape. The games give Symantec employees of all technical levels a first hand opportunity to learn how an attacker can exploit networks, applications, products, solutions and more, through a simulated real world environment. Obtaining this unique knowledge about threats allows our employees to help cultivate their security IQ and change the way they think about emerging threats and cyber criminal tactics. One employee, who previously participated in the games, stated “The challenge gave me more insight on what I should focus on when doing internal audits and securing our network.”
CyberWar Games simulations differ from regular training exercises, in that they are a fully immersive experience. Instead of having our employees go through disconnected individual hacking exercises, CWG provides a complete interactive challenge with an objective. This allows our employees to experience an attack from start to finish and understand the tools and thought processes that hackers commonly use. The simulations are modeled after high profile incidents reported in the media, and use the five phases of an attack: reconnaissance, incursion, discovery, capture and exfiltration. One employee commented “The realism of the games are beneficial, I thought all the scenarios were well thought up, very similar to real world situations and things that could happen. The challenge really makes you think a bit more about security.”
The games are open to all Symantec employees, not just the security experts, and are designed to include individuals with little to no technical experience. As a result, all of our employees, no matter their role in the company have benefited from the games. On how well rounded these events are for all Symantec employees, another participant said, “I look forward to seeing future events like this. In security training, there is a lack of practical hands-on experiences for many admins. This event provided a fantastic experience to both new and old members of the security field.”
CyberWar Games have also helped empower employees on the sales teams to better communicate the value of our products and services to our customers, and have overall helped employees worldwide improve their existing skillsets.
As a result of participating in the games, and knowing how the adversary operates, Symantec employees are improving our products and services and ultimately helping our customers to prepare, detect and respond to the threats of today and tomorrow.