It’s one of the most exciting and sensationalized weeks of the year – no, the RSA Conference is just around the corner – it’s Super Bowl week. Fun and games for all. Non-sports viewers will delight in the half-time music entertainment and some of the world’s most creative and expensive advertisements, while others will contribute to the consumption of over 1.3 billion chicken wings (National Chicken Council), 11 million pounds of chips, 4 million pizzas and 50 million cases of beer (Food and Wine). Oh, and football fans will have the actual game to watch. So what does the Super Bowl week uniquely offer Cybersecurity professionals?
The Cybersecurity Super Bowl Game:
(Please - don’t try this at home!)
Cyber Security professionals can test their wits and analytical skills during Super Bowl week through a multi-player Adaptive Security simulation experience designed to measure an organization’s readiness to detect “Super Bowl” activity and confidential information sharing.
How to Play:
The game is played by setting your Adaptive Security solution in monitor mode with “Super Bowl” policies to track and trace all related activity and information sharing that occurs in and out of the corporate network (similar to what is needed to comply with PCI, HIPAA or GDPR).
Score points for each time the following “Super Bowl” classified event is detected:
- 10 Points – “Super Bowl Squares” betting forms hosted on cloud collaboration tools such as Dropbox, Box, Google Docs, Microsoft OneDrive, etc.
- 5 Points – Email invitations to a Super Bowl Party
- 3 Points - Viral forwarding of pre-released Super Bowl advertisement trailers
- 2 Points - Social media Super Bowl “smack talking” posts
- 1 Points – Viewing of popular online sports news or betting websites
- Bonus: Double point scores if you detect confidential metadata, such as author, user name and OS/app versions hidden in any documents.
Tips and Tricks:
- Champion scoring - To score the most points, be sure to intercept all data and analyze it for “Super Bowl” information leveraging full and partial fingerprints of the data and one-way hashing algorithms so the data cannot be reverse engineered from its original formats.
- Go Undetected - In the spirit of the game, and to avoid the appearance of “big brother,” you can give your score keeper similar access to a Compliance Officer or IT Auditor in a traditional information governance implementation with access to oversee and keep score of activities and information that are detected in traffic flows without having the ability to read the content specifically.
Collect Your Prize:
Finally, to be declared the “Super Bowl Cybersecurity Game Champion” you have to perform a final after-the-fact’ analysis of all activity and shared information flows to detect all sources and exposure of critical “Super Bowl” information.
Game Over Summary:
Okay, as fun as this might be, we don’t actually expect any Cybersecurity professional to play such a game on their corporate network. However, we do believe all organizations should have the visibility to trace confidential information at such a granular level and prevent its theft or from leaking accidently.
By: Scott Kosciuk, Clearswift North America