Let’s start with a thorny concept most of us have heard of: cybercrime. It’s a mature industry with an extensive professionally run underground economy. As you might know, the cybercrime economy is based on the development and distribution of sophisticated tools to carry out large-scale fraud attacks, consumer-data breaches and politically motivated distributed denial-of-service (DDoS) attacks. These attacks on financial institutions, retailers and governmental agencies result in the loss of billions of dollars every year.
Now, imagine that you’re a managing director at a large corporation. You’re going about your normal business day when… BAM! The corporate website goes down; you learn that the call center is being flooded by panicked customers; and members of the media are calling you to comment on the surge of negative comments on your Twitter page. What should you do first? How are you going to respond to this crisis and return your business’ functions to their normal state?
These and other questions were running through my clients’ minds. They wanted to investigate how they might be affected by a hypothetical cybercrime, and they were asking questions. “What if we lost electricity?” “What if we lost control of the website or our mobile apps?” “What if sensitive customer data were stolen?” “What would we do?” Instead of waiting for a crisis to occur so that they could learn from the school of hard knocks, they decided to simulate a handful of devastating “What ifs” ahead of time in the form of a game.