News & Insights

Play the Cyber Risk Game Like Poker, Not Chess

WhiteHawk Inc.

Play the Cyber Risk Game Like Poker, Not Chess

Chess and poker are often used as metaphors to describe the state of cybersecurity strategies. But which game explains it the best? And how does one play it?

As a chess player, you deal with the pieces out in the open and use raw intelligence to anticipate your opponent's next moves, then navigate across the board accordingly. The better players can think four to eight moves ahead, whereas the novice typically focuses on the next two moves. The game is asymmetrical in nature, and you only win by outsmarting your opponent.

Poker, on the other hand, is a different story. Your cards are not laid out in the open, and to win this game you need to have the best hand.

Cyber risk is no longer a chess game where all of your intelligence is out in the open, and checkmate is assured. Cyber risk has become a game of poker with hidden cards and false impressions. Here are some strategies to win in this game of cyber poker:

-Don't Depend on Luck, Develop Skills and Practice

Depending on luck will only get you so far until you lose everything. It is a skill that separates winning players from losing players.

Security awareness training is a process of educating your employees about cyber risks and cybersecurity best practices. Building an effective and engaging training program can start with investing in KnowBe4. A cybersecurity awareness and training platform such as KnowBe4 can help train employees to better manage the critical IT security problems of social engineering.

-Watch Out for Poker Tells

A player gains an advantage if he or she observes another player's tell and determines how to be on the lookout for suspicious patterns. Monitoring your log files, firewall, and **use an intrusion detection system (IDS)**to automatically monitor, search and alert your organization about threats will help identify those "tells" or suspicious activities within your system. Consider adding behavioral-based malware detection that can uncover new and unknown threats in near real-time and avoid overwhelming you with constant alerts.

Symantec, Crowdstrike and Bitdefender Endpoint Protection technologies provide solutions to protect a computer. SG UTM Protection is another software that can identify network attacks, and monitor and assess threats.

-Change Up Your Play

Keep your adversaries guessing and on edge. A poker player needs to adapt to the game and adapt to take advantage and recognize new opportunities or threats. You need to be able to recover from a data breach and even more so have the ability to continue operating through one.

To become adaptable, develop a cybersecurity strategy and implementation plan. Direct a series of actions to improve capabilities and identify vulnerabilities and threats. This will enhance protections of assets and information, as well as further develop a robust response and recovery plan to ensure readiness and resilience when an incident inevitably occurs.

Also, consider looking into defense technology software to assist with changing up your play. System Analysis can help map network topology, discover network devices and monitor performance and availability.

-When the Cards are Revealed, Evaluate Your Play

Players in a poker game evaluate how they played, won, lost or folded. Each hand is a new game with new strategies. Re-evaluate and assign values to your data assets. What is your current process for a cyber incident and are your critical operations reliant on a particular single process? How critical is the data in the database? How harmful will a data leak be to your company's performance and reputation? Cyber Business Development or BDA can access your capabilities around the clock, help you manage your vulnerabilities and improve your strategic vision and goals.

-Protect Your Hand

Players need to defend their blind spots in poker. If a player leaves their cards unprotected and sitting on a table during a hand, the dealer might accidentally sweep their cards back into the deck. If the player had something to protect their cards, the dealer most likely would not muck (refers to the discarded pile into which players may throw away their folded hands) their hand. This is what it means to "protect your hand."

In the game of cyber risk, you must always protect your data. There are a lot of ways to backup data. A good backup strategy is essential for security and is the last defense against data loss, providing a way to restore the original data. Backup and recovery consist of:

  1. Developing a plan and preparing,

  2. Identifying assets and requirements,

  3. Creating a backup strategy,

  4. Implementing and monitoring the strategy, and lastly,

  5. Recovering information through drill tests.

WhiteHawk can help make these strategies more affordable and teach you how to become a cyber poker player. Find out more about improving your security.