Cyber Escape Room
Strengthening your human firewall
Cyber attacks are one of the greatest challenges faced by companies and annual costs for cyber security could increase to as much as US$ 90 billion by 2030. Cyber security encompasses much more than just technology. This is because attacks can be traced back to human error in more than 30% of security incidents. It is therefore all the more important to increase awareness among employees about the dangers of cyber attacks – and that’s exactly where the Cyber Escape Room developed by PwC comes into play.
The most common causes of human error:
- Employees have little or no interest in IT security.
- Employees unwittingly pass on sensitive data.
- Systems are incorrectly configured and this results in reputational damage.
- Companies do not set enough requirements for users in relation to cyber security.
- Social engineering attacks are becoming increasingly widespread and employees fall for them.
Supervisory authorities have also singled out the human factor as a risk to cyber security and are increasing their focus on compliance with awareness-raising requirements. Companies can address this risk by providing the appropriate training and further education.
Cyber Escape Room
Our Security Awareness Program
PwC has developed its comprehensive Security Awareness Program to increase employee awareness about the dangers of cyber attacks. One component of this program is the Cyber Escape Room developed by PwC Germany. By allowing their IT employees to experience realistic scenarios, companies can spark greater interest in this topic and communicate complex information using a game-based approach. The Cyber Escape Room helps to reduce security incidents by strengthening awareness among employees. A major factor for success here is the excitement of a simulation that applies gamification techniques.
“In a business environment where cyber attacks are only a question of time, it is vital to be prepared.”
You can see a short preview of the Cyber Escape Room in our video.
Video
Cyber Escape Room
2:25
More tools
Transcript
Overview of the Cyber Escape Room
- What is the Cyber Escape Room? The idea
- What is it about? The story
- What do the participants have to do?
- How does the simulation work?
- What is the added value?
What is the Cyber Escape Room? The idea
- The idea for the Cyber Escape Room is based on live escape rooms where a small group of people must work together to find a way out of a real-life room.
- The group has to escape confinement within a set time limit with the assistance of hidden clues.
- In the case of the Cyber Escape Room, the participants are placed into a virtual environment, the cyber room.
- They then have to solve puzzles that build upon each other before time runs out.
What is it about? The story
- Based around the familiar structure of a triangular affair, the cyber security simulation exemplifies how cyber criminals combine insider knowledge and criminal resources with modern hacking strategies in order to exploit security weaknesses in a targeted manner.
- In this specific case, a disgruntled former employee who is in prison orchestrates a cyber attack on his ex-employer, an inconspicuous bank with elite clientèle.
- The aim of the attack is to empty the account of the managing director.
What do the participants have to do?
- In the simulation, the participants help the hacker successfully carry out the cyber attack on the bank.
- They slip into the role of hackers and, within a safe environment, carry out the most important forms of cyber attack themselves.
- In doing so, they become familiar with current hacking methods such as SQL injections, brute force attacks and cross-site scripting (XSS) in a playful manner.
How does the simulation work?
- The Cyber Escape Room is suitable for a group of 10 to 20 participants.
- No installation is required. The Cyber Escape Room can be accessed using laptops provided by us and an on-site WiFi connection or, alternatively, via a cloud VM.
- Participants don't need to have any detailed knowledge about IT security.
- The simulation is realistic and has various indicators that provide assistance and measure progress.
- The Cyber Escape Room demonstrates interconnected weaknesses with varying degrees of difficulty.
- An in-depth simulation of the Internet, including search engines and Wikipedia, is also provided.
What is the added value?
- The Cyber Escape Room uses storytelling to generate greater participant motivation and strengthen engagement with the topic.
- The participants develop long-term security awareness while gaining knowledge and understanding about common hacking methods in a playful manner.
- The number of security incidents at companies will decrease as a result of greater awareness among employees.
“The Cyber Escape Room is an exciting simulation for IT employees. Using this game-based approach, it is possible to increase consciousness about the risks that exist in cyberspace.”
Facts and figures
30+
Events per year.
1,000
Participants from ten different countries.
9.8/10.0
Average customer satisfaction.
1,400 hours
Development time in the period from March 2018 to February 2019.
What the participants say
We surveyed participants from the widest possible range of organizations about their experiences in the Cyber Escape Room.
"I enjoyed how we developed and applied knowledge independently. The tasks were doable for a 'layperson' but participants still had to assist each other."
"The level of detail in the simulation was impressive. It was great that SQL and brute force were also included. We had previously heard of them, but had never worked on them before. This meant that we could get an impression of how an attack might proceed in reality."
"The Cyber Escape Room provides a good overview of common hacking methods and concepts."
"Great story! Not too difficult and also not too frustrating – a good learning experience!"
"The event organizers offer a good measure of assistance while simultaneously providing plenty of space for trying things out."
"Good specialist assistance, exciting topic, pleasant group size and high-quality training materials – a great event overall."
Related content
Contact us
Follow us
Contact us
Daniela Geretshuber
Member of the Board and People and Corporate Sustainability Leader, PwC Germany
