Chevron icon It indicates an expandable section or menu, or sometimes previous / next navigation options. HOMEPAGE

For one week, employees at this cyber security company get to play the bad guys

symantec cyberwar games
Team Breaking Bad. Melia Robinson/Business Insider

For most of the year, employees of leading cyber-security firm Symantec work toward securing and managing their customers' information.

Advertisement

This week, they took a break from that. They got to be the bad guys.

Four years ago, Symantec launched its annual CyberWar Games, an internal event that challenges employees to walk in the shoes of an attacker. The Games simulates an information security breach modeled after a high profile incident reported in the media, and employees experience the attack from start to finish as the malicious party.

This year, more than 1,500 Symantec employees registered. On Wednesday, February 25, the best teams of four from around the world received all-expenses-paid trips to Symantec's world headquarters in Mountain View, California, to compete in the final objective.

The scenario: A hospital is conducting a clinical trial of a new drug. The attacker does not want that drug to go to market. In order to thwart the drug's success, the attacker must sabotage data being collected from patients in the trial so the FDA will not approve it.

Advertisement

The grand prize for hacking into the hospital's databases and creating a diversionary campaign to throw off suspicion? Company bragging rights.

symantec cyberwar games
A fake hospital room is set up behind Symantec employees. Melia Robinson/Business Insider

Symantec's odd training approach isn't unique. Many businesses and government-related organizations enlist ethical hackers, or experts who systematically penetrate a computer system or network on behalf of its owners in order to discover its vulnerabilities.

Michael Garvin, a senior manager of product management at Symantec, who organizes the event, says "it's about developing that muscle memory" for when an attacker strikes.

Employees learn how an attacker can exploit networks, applications, products, and solutions, and why they might be motivated to do so. In this year's simulation, maybe the attacker was a disgruntled employee of the pharmaceutical company conducting the clinical trial, or an employee of a rival company that would prefer its version of the drug go to market first.

Advertisement
symantec cyberwar games
Antonio Forzieri (right) is on team Three Monkeys. Melia Robinson/Business Insider

This role-reversal changes the way employees think about emerging threats and cyber-criminal tactics.

"Most of the time, you don't use these skills," said contestant Antonio Forzieri, from Italy. He works in Symantec's Cyber Security Practice department, covering clients in Europe, the Middle East, and Africa. Forzieri won the Games last year and placed second two years ago. He appreciates the chance to think like an offender and cultivate his "information security IQ."

When asked what the most difficult part of the Games is this year, he answered: "Everything."

Security
Advertisement
Close icon Two crossed lines that form an 'X'. It indicates a way to close an interaction, or dismiss a notification.

Jump to

  1. Main content
  2. Search
  3. Account