Cyber Security Lessons from Competitive Gaming

Series Introduction

I have always felt that we have as much to gain from looking at how other industries operate as we do from looking within the bubble of our own. When we look within the bubble it's easy to just follow the same path as everyone else. Even if this means doing it better than the competition it doesn't necessarily mean doing it differently which can be 10x better.

There are many examples of this. One example is the founders of Air B'nB who did not have a hospitality background. So they looked at the industry through a new lens from those already operating in the hospitality bubble.

So with this in mind I'm writing a series of Lessons from a variety of pursuits, activities or industries for the world of Cyber Security. Of course inevitably there will be many similarities in lesson topics across these however the value is not just in the difference. It is also in how they approach addressing these topics and the challenges they each address.

In the last Episode I covered the world of Formula 1 which, aside from being a personal passion also coincided with the Formula 1 being in Melbourne. This episode we look at another personal passion of mine. Let's look at Cyber Security lessons from Mountain Bike Racing.

Five lessons from Competitive Gaming for Cyber Security

Competitive Gaming and the world of cyber security are very different in some many ways, however there are several lessons to be learned from gaming for those in Cyber Security

1.Thinking Outside the Box

In gaming, players often have to think creatively and "outside the box" to succeed. This same approach can be applied to cybersecurity, where security professionals must anticipate and respond to new and unconventional attack methods. By thinking creatively and applying novel approaches to security, security professionals can stay ahead of cybercriminals and better protect their organisations.

Thinking creatively in a business cyber security sense requires the compilation of a team with diverse thinking. People that think different. Some CISO's actively seek to build teams that many would regard as 'quirky.' However diversity can take many forms. One of the reasons cited for the CIA's failure to prevent the 9-11 terrorist attacks was lack of diversity in the organisation. Far too many "White, Ivy League Graduates."

2.Threat Modeling

In gaming, players must analyse their opponents' strengths and weaknesses to develop a winning strategy. In cybersecurity, threat modelling involves analysing potential attackers' tactics, techniques, and procedures (TTPs) to identify weaknesses in the organisations security infrastructure. This approach helps security professionals prioritise their security measures, allocate resources more effectively, and develop more effective security strategies.

3.Simulation and Testing

Many games feature simulations that players use to practice and improve their skills. Similarly, cybersecurity professionals can use simulations and testing to identify vulnerabilities in their systems and networks and test their security measures against various attack scenarios.

As an example the Australian Government has announced that Australian Bank will conduct cyber war games to test their cyber security resilience. Many business also conduct penetration testing, for example, which involves simulating attacks against an organisation's systems and networks to identify vulnerabilities and weaknesses in their security infrastructure.

4.Adapting to Change

Gaming requires players to be able to adapt quickly to changing environments, opponents, and conditions. Similarly, in cybersecurity, security professionals must be able to adapt to new and emerging threats, such as zero-day exploits or new attack methods, and adjust their security strategies accordingly. They must be proactive in their approach to security and be able to anticipate potential threats and vulnerabilities.

5.Risk Assessment and Management

In gaming, players must assess and manage risks to succeed. Similarly, in cybersecurity, security professionals must be able to assess and manage risks to protect their systems and networks effectively. By identifying potential vulnerabilities and assessing their potential impact, security professionals can prioritise their security measures and allocate their resources more effectively. Risk management involves developing effective security policies, procedures, and protocols to mitigate risks and respond to incidents promptly and effectively.

By applying these lessons from gaming to the field of cybersecurity, security professionals can better protect their organisations against cyber threats. They can develop more effective security strategies, stay ahead of emerging threats, and improve their overall security posture.

Please provide feedback and if you haven't already please subscribe to this newsletter and share it with a friend. The next lesson for Cyber Security will be from the world of ??? stay tuned!

Mark Williams - Founder - www.quigly.com.au