Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Corporate Responsibility in Action

Beyond Hacking

- Teaching Our Customers, Employees and the Next Generation of Cyber Professionals to Think Like the Savviest Hackers
Created: 09 Jul 2014 • Updated: 09 Jul 2014
Anthony Barkley's picture
+1 1 Vote
Login to vote

According to Symantec’s 2013 Norton Report, the total global direct cost of cybercrime (US$113 billion; up from $110 billion) and the average cost per victim of cybercrime ($298; up from $197) increased in 2013. Additionally, a 2013 study by Hewlett-Packard states that the average cost of a cyberattack on a U.S. company is $591,780 -- and this is only increasing.  

The fact is, we are becoming more mobile, more open to cyberthreats and at the same time, cybercriminals are becoming more savvy, and harder to track. To combat this, businesses (both IT security companies such as Symantec, and our customers) are increasingly turning to Cyber War Games in the hopes that they can train their employees to stay one step ahead of today’s savviest cybercriminals.

Symantec’s Cyber War Games and Cyber Readiness Challenge

At Symantec, we are always looking for ways to build programs that ensure our employees are ready and prepared to address the ever changing, extremely complicated cyber security challenges that our business and customers face. Three years ago, we therefore developed our own Cyber War Games, an engaging, intensive program that would ask our employees to think like their cyber enemies, think like hackers.

To many this may seem risky or strange to encourage our employees to learn to operate like hackers. However, we developed the program with the thought that for ourselves and our customers to protect against cyber perpetrators, to help our customers understand the potential threats they face, we must understand what weaknesses and entry points cyber criminals look for, we must see the online landscape from their perspective. One of the most important messages we try to convey through this exercise is that it doesn’t always take a huge amount of experience or knowledge to access weaknesses in cyber security so it is crucial for companies like Symantec, and our customers to ensure they are completely aware of all possible vulnerabilities. 

While the program was originally developed for our product development teams, we’ve now opened it up to everyone in Symantec – including development, IT, marketing and finance teams. Everyone brings a unique perspective to the event and this has helped us show our employees why every component of our product development process, everyone’s input and role is crucial to ensuring a safe online experience for our customers.

We have been running the Cyber War Games for three years and it has been extremely successful. Each year we choose a theme to base the games on. The first year challenged participants to hack into a government infrastructure, the second into a large oil and gas company, and our latest this February challenged participants to hack into a fictitious financial institution. This year’s Cyber War Games included over 1,000 employees and through a series of events they are weeded down to the finalists who compete in Mountain View.

It is great to see how dedicated and involved employees become in the Cyber War Games. Many are spending time outside of this competition to learn languages and frameworks that they aren’t necessarily using in their day to day jobs.

Bringing the Cyber War Games to the Market

Following the Cyber War Games, we realized the opportunity and benefit of offering this unique event to our customers and the wider market. We therefore developed the Cyber Readiness Challenge, an immersive, interactive capture the flag competition that models scenarios after the current threat landscape using realistic IT infrastructure. Similar to the Cyber War Games, it is designed for many levels of technical skill and experience, and it puts participants in the hacker's shoes to understand their targets, technology and thought processes so they can ultimately better protect their organization and themselves.

We offer the Cyber Readiness Challenge in 2, 4 and 8 hour increments, both in person and online. Since the launch of the Cyber Readiness Challenge in 2013, we have hosted 40 events at locations globally with nearly 4,000 participants. We’ve also expanded the Cyber Readiness Challenge and partnered with top universities so not only our customers, but our future IT professionals are equipped to defend the most savvy cyber criminals effectively. We are hoping in the future to rollout a collegiate competition centered around the Cyber Readiness Challenge. 

Both the Cyber War Games and Cyber Readiness Challenge have been extremely successful. As customers learn more about how hackers view their IT infrastructure, we are simultaneously teaching them about the right processes and technologies to address these issues so they are a step ahead and don’t fall prey to these.

In fact last year, we were highlighted by Fast Company for this innovative and engaging program. Symantec Vice President of Product Management Samir Kapuria was quoted in the article discussing the importance of this initiative:

"In every other high-risk environment--be it race car drivers or doctors--people have a practice space to hone in on their skills and innovate," Symantec vice president of product management Samir Kapuria told Fast Company. "In our domain, where you have active adversaries trying to steal money or intellectual property, or hactivists, there's no place for us to learn and innovate in a safe environment. That was the inspiration for this."

Additionally, for our employees it has not only increased their skills and knowledge, but it has also helped them get excited about how passion and innovation in every role drives success at Symantec.

Our goal is to ensure a safe and secure world for our customers, as well as foster a challenging and constantly engaging workplace, where our employees can grow and expand their skills every day - this program is doing just that.  

cybergames1.jpg

Symantec’s Cyber Readiness Challenge ensures customers and future IT professionals are equipped to defend the most savvy cyber criminals effectively.

cybergames2.jpg

Challenged to “think like a hacker” customers and students take part in Symantec’s Cyber Readiness Challenge and aim to replicate the work of the savviest hackers. 

cybergames3.jpg

From hacking into a fictitious government or financial institution, Symantec’s Cyber War Games and Cyber Readiness Challenge replicate real-world situations to provide employees, customers and students the tools and know-how to identify and address the latest cyber threats.   

 

Anthony Barkley is Symantec's ‎Director of Product Management, Information Security Services Group