Plaintext: Let's Play!

Welcome to Dark Reading in?Plaintext, where each day we dig into topics important to cybersecurity professionals. Today, we talk about games -- not gamification of security, but honest-to-goodness board and card games. How can games help with being a better security professional?

Chess, Video

Cybersecurity and chess have many things in common, writes Cylus CTO Miki Shifman. In both cases, the players/defenders must outsmart their opponents, think several steps ahead of their adversaries, and capitalize on mistakes made by the attacker to strengthen their defenses. Chess is very similar to cybersecurity because players need to recognize their weaknesses, make plans and be prepare to change, and automate all processes. "Knowing that your own king is protected is as important as knowing when your opponent's king isn’t," Shifman says.

Many classic games help develop important cybersecurity skills. Consider Risk, for example. Players who can outthink their opponents early on in Risk have the advantage -- much like security. Or the game of Clue, where it's important to document each piece of relevant information to ensure that it isn't forgotten. It's also important to understand the impact of each clue and eliminate possibilities and draw conclusions. That level of attention to detail is necessary for a successful security program. As with Clue players, successful security teams understand how to map each relevant piece of information to the impact it has on the organization.

Gamification of security is not new. There are ways to add points and leaderboards to make security awareness training more engaging. There are security-themed games and simulations, such as the OWASP Cornucopia card game and Control-Alt-Hack. [d0x3d] is a personal favorite, just in case you want to check it out. War games and tabletop exercises help security teams ensure they know what to do in case of a real security incident or breach, and identify all the resources they would need.

Headlines on Tap?

• A massive new phishing campaign targeting Microsoft email service users relies on adversary-in-the-middle techniques to evade detection.
• Early-stage startup Footprint emerges from stealth today with $6 million in seed investment to change how enterprises handle identity verification.
• There is a a 22% year-over-year increase in major cyberattacks involving mobile and IoT devices, Verizon says.?

Enjoy reading Dark Reading? Subscribe to receive?Dark Reading Daily?every morning!

On That Note

Mental health is increasingly becoming a bigger part of the conversation among security professionals, so we asked past Black Hat attendees to rate their stress levels in the this year's Black Hat Attendee Survey. Half of the respondents say they do not feel burned out in their jobs — a rating of 6 or lower on a 10-point scale — and half say they are almost burned out — a rating of 7, 8, or 9 on the same scale. Compare that to 2021, with 56% saying they are not feeling burned out and 44% saying they are almost there.

Source: 2022 Black Hat Attendee Survey

Check out the rest of the?2022?Black?Hat?Attendee?Survey!