Τα τελευταία χρόνια φαίνεται ότι δεν υπάρχει τίποτα πιο σημαντικό από την αποτελεσματική και safe λειτουργία του παγκόσμιου χρηματοπιστωτικού συστήματος. Τρισεκατομμύρια δολάρια κινούνται σε όλο τον κόσμο, μέσω ενός συστήματος χρηματοπιστωτικών υπηρεσιών. Οι περισσότεροι καταναλωτές έχουν τις υπηρεσίες αυτές σαν δεδομένες. Θα πληρωθούν, και τα χρήματα θα κατατεθούν άμεσα στον λογαριασμό τους, θα πληρώσουν τους λογαριασμούς τους, χρησιμοποιούν την κάρτα τους στα ΑΤΜ για να πάρουν μετρητά, και θα κάνουν τις αγορές τους από το διαδίκτυο. Θεωρούν ότι χρήματα τους θα πρέπει να είναι ασφαλή και είναι ασφαλή.
The CyberWar Games 2014 of Symantec have set out to demonstrate how well what consumers believe. Symantec CyberWar Games is the spiritual child of Samir Kapuria, vice president of Symantec in the Information Security Team. In Symantec's "game", teams compete, and earn points by creating or discovering exploits. From this process, the top ten teams will travel to Syracuse's Mountain View headquarters in California to compete in the final.
Not just Hackers
Over 1.100 Symantec employees participated in the contest, such as developers, accountants, lawyers, sales staff as well as technical staff. While many different departments tried their luck in this hacking game, most of the finalists were technicians and developers. The goal was to create cross-sectional groups that understand current threats and threats, including the underlying systems and industry processes. Employees who could or could not understand the technical processes because their work was different (ATM networks, payment processing, capital and foreign exchange) all played a part in Symantec's games. The intention was to develop not only defense from attacks on technology but also in business processes.
School defense training
The intention of the games, as explained by Samir, is to teach defenders to think like invaders, so they can be better defenders. OR Symantec wants to change the way defense advocates think and in many ways redefine the defense problem. These games provide Symantec with valuable insight into how to create better products and services, and how it can provide turnarounds to technology vendors and its customers about hardening their businesses against attacks.
Symantec has, over the past three years, genuinely re-created scenarios of industrial attacks, using real customer systems. Last year, Symantec focused on the oil and gas industry. Unlike well-directed events, Symantec's war games are without scenarios and teams are as free and creative as they should be to win.
True Scenarios
Τα CyberWar Games 2014 της Symantec, δεν παρέχουν προκαθορισμένες λύσεις στα προβλήματα. Οι χορηγοί του παιχνιδιού δίνουν ελάχιστες οδηγίες. Δείχνουν την bank και λένε “Καλή διασκέδαση.” Οι ομάδες είναι ελεύθερες να επιτεθούν οποιοδήποτε system της τράπεζας, συστήματα πιστωτικών καρτών, δίκτυα ATM, επιτόκια, ακόμη και στο θησαυροφυλάκιο της τράπεζας ή και τις θυρίδες ασφαλείας σαν μέρος μιας φυσικής επίθεσης. Για παράδειγμα η Symantec έχει πράγματι ένα θησαυροφυλάκιο τράπεζας στο χώρο των παιχνιδιών. Τα κλειδιά των πελατών μπορούν αν αποκτηθούν χρησιμοποιώντας μια επίθεση social engineering and the guards are ready to be bribed to provide access.
What it means all this
The Symantec program certainly aims to highlight the thinking leadership in the information security market. A technically impressive event. Was the scale of the event impressive and the effort of the company? to set up an entire bank using real systems was just as important. Symantec staff with social engineering and zero-day attacks on a realistic bank and in many cases easily achieved the goal.
Practical learning from the event will surely help Symantec employees to be better at what they do, but it will also help financial services companies understand their weaknesses.
