+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

For one week, employees at this cyber security company get to play the bad guys

Feb 27, 2015, 00:41 IST

Melia Robinson/Business InsiderTeam Breaking Bad.For most of the year, employees of leading cyber-security firm Symantec work toward securing and managing their customers' information.

Advertisement

This week, they took a break from that. They got to be the bad guys.

Four years ago, Symantec launched its annual CyberWar Games, an internal event that challenges employees to walk in the shoes of an attacker. The Games simulates an information security breach modeled after a high profile incident reported in the media, and employees experience the attack from start to finish as the malicious party.

This year, more than 1,500 Symantec employees registered. On Wednesday, February 25, the best teams of four from around the world received all-expenses-paid trips to Symantec's world headquarters in Mountain View, California, to compete in the final objective.

The scenario: A hospital is conducting a clinical trial of a new drug. The attacker does not want that drug to go to market. In order to thwart the drug's success, the attacker must sabotage data being collected from patients in the trial so the FDA will not approve it.

Advertisement

The grand prize for hacking into the hospital's databases and creating a diversionary campaign to throw off suspicion? Company bragging rights.

Symantec's odd training approach isn't unique. Many businesses and government-related organizations enlist ethical hackers, or experts who systematically penetrate a computer system or network on behalf of its owners in order to discover its vulnerabilities.

Michael Garvin, a senior manager of product management at Symantec, who organizes the event, says "it's about developing that muscle memory" for when an attacker strikes.

Employees learn how an attacker can exploit networks, applications, products, and solutions, and why they might be motivated to do so. In this year's simulation, maybe the attacker was a disgruntled employee of the pharmaceutical company conducting the clinical trial, or an employee of a rival company that would prefer its version of the drug go to market first.

Advertisement

This role-reversal changes the way employees think about emerging threats and cyber-criminal tactics.

"Most of the time, you don't use these skills," said contestant Antonio Forzieri, from Italy. He works in Symantec's Cyber Security Practice department, covering clients in Europe, the Middle East, and Africa. Forzieri won the Games last year and placed second two years ago. He appreciates the chance to think like an offender and cultivate his "information security IQ."

When asked what the most difficult part of the Games is this year, he answered: "Everything."

NOW WATCH: Watch the FCC Chair's impassioned defense of net neutrality

Please enable Javascript to watch this video
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article