March Madness Challenge for Cybersecurity Professionals

March Madness

Let the madness begin! The NCAA Basketball “madness” is different for everyone. Some experience the madness after a gut-wrenching triple-overtime victory by their alma mater, while others experience it after a half-court buzzer beater by a 16th-ranked Cinderella underdog that instantly knocks out one of their Final Four selections. However, to me there is nothing more maddening, in the delightful sense of the term, than watching the facial expression of a die-hard college basketball fan, one who leveraged their proprietary big data analysis and game theory modeling to artfully compose their “bracket” masterpiece, when they realize they just got absolutely crushed in the office pool by the always cheerful and innocent co-worker who made their selections by comparing the teams’ mascots. (Oh, and this happens more times than you think!)

For corporations and organizations, the madness tends to center on balancing the positive team-building benefits and support for the cultural festivities against lost productivity, misuse of resources and potential security risks. In fact, the global outplacement consultancy Challenger, Gray & Christmas, Inc. is projecting that close to 51 million workers could participate in office pools this year, with costs of $3.9 billion in lost wages paid to unproductive workers (completing brackets, streaming games, and checking scores) in the first week of the tournament alone.

While the reported participation and cost numbers seem shocking, the guidance quickly shifted: organizations should look to embrace the madness rather than suppress it, because suppressing it risks long-term damage to employee morale, loyalty and engagement.

Embrace the madness...

Therefore, in the spirit of embracing the madness, we believe Cybersecurity professionals should take this opportunity not only to test their own wit and skills, but also to gamify the measurement of the impact on their own organization.

March Madness Challenge

The March Madness Challenge is a multi-cybersecurity analyst simulation experience designed to measure an organization’s readiness to detect critical “March Madness” activity and potential threats.

The challenge starts by setting your SECURE Email and SECURE Web Gateways, Information Governance or Adaptive DLP solution in monitor mode with “March Madness” policies to track and trace all related activity, potential threats and information sharing that occurs in and out of the corporate network.

Score your ability to detect the following “March Madness” classified events:

  • 500 Points - NCAA Tournament Bracket form accessed from a major sports website.
  • 500 Points - NCAA Tournament Bracket form detected entering or leaving your network.
  • 300 Points - Hidden information in an attachment’s metadata, including the individual, user name and organization that created or updated the document, that could be harvested or used for a phishing attack.
  • 300 Points - Active content hidden in inbound brackets or scorecards, simulating malware or ransomware triggers.
  • 200 Points - Channel type used for Bracket distribution: email or webmail, social media, or cloud app.
  • 100 Points - Each 15 minutes of video streaming of live or on-demand games.
  • 100 Points - Social media March Madness “smack talking” posts, scored according to appropriateness.
  • 50 Points - Viewing of popular online sports news or betting websites.

 

Tips and Tricks

Champion scoring - To score the most points, be sure to intercept all data and analyze it for “March Madness” information, leveraging full and partial fingerprints of the data and one-way hashing algorithms so the original data cannot be reverse engineered from the fingerprints.

Go Undetected - In the spirit of the game, and to avoid the appearance of “big brother,” you can give your score keeper access similar to that of a Compliance Officer or IT Auditor in a traditional information governance implementation: access to oversee and keep score of the activities and information detected in traffic flows, without the ability to read the content itself.
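The full and partial fingerprinting from the Champion scoring tip, and the score keeper from the Go Undetected tip who counts matches without reading content, sketched as an added example (not code from the original post or from any product it names). It uses a keyed HMAC-SHA256 rather than a bare hash so that short word windows cannot be guessed by hashing a dictionary; the key, window size, threshold and sample texts are constructed assumptions.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # constructed; a real key stays on the policy server
SHINGLE = 4  # words per partial-fingerprint window (assumed value)

def _digest(text):
    # Keyed one-way hash: the index stores digests only, never content.
    return hmac.new(KEY, text.encode("utf-8"), hashlib.sha256).hexdigest()

def _words(text):
    # Normalise case, punctuation and whitespace so reformatting still matches.
    return re.findall(r"[a-z0-9]+", text.lower())

def fingerprint(text):
    """Return the full fingerprint and the set of partial (shingle) fingerprints."""
    words = _words(text)
    windows = range(max(len(words) - SHINGLE + 1, 1))
    partial = {_digest(" ".join(words[i:i + SHINGLE])) for i in windows}
    return {"full": _digest(" ".join(words)), "partial": partial}

def classify(index, observed, threshold=0.15):
    """Return ("full" | "partial" | "none", share of registered shingles seen)."""
    seen = fingerprint(observed)
    if hmac.compare_digest(seen["full"], index["full"]):
        return "full", 1.0
    overlap = len(index["partial"] & seen["partial"]) / len(index["partial"])
    return ("partial" if overlap >= threshold else "none"), round(overlap, 2)

# Constructed sample data: one registered bracket form, three observed messages.
BRACKET = ("Office pool bracket 2024 entry form. Round one picks: region east, "
           "region west, region south, region midwest. Final four picks and "
           "champion tiebreaker score.")
REFORMATTED = BRACKET.upper().replace(". ", ".\n")
EXCERPT = "fyi my Final Four picks and champion tiebreaker score are attached"
UNRELATED = "Quarterly patch window moves to Thursday; please reboot the web tier."

INDEX = fingerprint(BRACKET)  # all the score keeper holds: digests, no text

if __name__ == "__main__":
    for message in (REFORMATTED, EXCERPT, UNRELATED):
        print(classify(INDEX, message))
```

The threshold trades missed excerpts against false positives on common phrases, so it should be tuned on real traffic in monitor mode before any policy acts on it.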

Collect Your Prize

Finally, to be declared the “March Madness Challenge Champion” you have to perform a final “after-the-fact” analysis of all activity and shared information flows to detect all sources and exposure of critical “March Madness” information.

Game Over Summary

As fun as this might be, we don’t actually expect any Cybersecurity professional to participate in such a challenge on their corporate network. However, we do believe all organizations should have similar visibility to track and trace critical information and the capability to prevent it from leaving their organization. The question is, do you?
