Light Dark
May 31, 2019 By Sue Poremba 4 min read
CISO

I will never watch “The Little Mermaid” again without thinking about ransomware and cyberattacks.

Although Ariel agrees to the arrangement with Ursula, the sea witch hijacks the mermaid’s voice, but with a catch. Ariel has to kiss the prince by a predetermined deadline. If she does, her voice is returned. If she doesn’t, Ursula keeps the voice, which you know she plans to use for her own nefarious behavior. Ariel’s voice is like valuable company data, stolen and held for ransom.

During her keynote speech at CPX360 in Las Vegas earlier this year, Maya Horowitz, director of threat intelligence and research at Check Point, used Disney villains to illustrate cyberattacks and add a more relatable touch to security awareness training.

Cybersecurity is like these famous cartoon villains, Horowitz told the audience. Maybe we aren’t being given a poisoned apple by an evil queen disguised as a friendly old woman, but we are getting phishing emails disguised as familiar companies or celebrities offering free iPhones.

In the business world — and in personal life — it can be difficult to tell when those bearing gifts are disguised wrongdoers tricking us into making mistakes so that they can do us harm. Similarly, we may not realize when deceptive cyberattacks are occurring or recognize vulnerabilities within our systems until it’s too late. But perhaps we can improve security awareness training by using pop culture references and gamification techniques to make the critical concepts more relatable.

Cartoons Stick in Our Memory

“The human memory works in a way that new data needs to be ‘glued’ to existing data in order to be processed,” Omer Taran, co-founder and CTO at CybeReady, explained in an email comment.

Using a cartoon or a familiar icon can leverage the power of familiar images, allowing new data to be better absorbed. “The more the existing cartoon has relevant properties that interact with the required new data, the stronger is the impact,” Taran added.

Want your employees to understand how a distributed denial-of-service (DDoS) attack works? Watch the stampede scene from “The Lion King” — and fight to hold back the tears, of course. Wildebeests may not be the perfect analog for botnets, but when you send millions of botnets streaming toward a network, they too can easily strike down a target for as long as they like.

Sleeping Beauty provides a good example of what can happen if your organization isn’t diligent about patching known vulnerabilities. The king and queen were warned that if their infant daughter pricked her finger on a spinning wheel before she turned a certain age, the entire kingdom would fall into a deep sleep. While the royals thought they had found every spinning wheel, one was forgotten and discovered by the princess, and the rest is (fictional) history.

In a similar fashion, one unpatched machine could lead to the takedown of a whole network. It could also be used for advanced persistent threat (APT) attacks. Like the sleeping spell, these attacks are designed to trigger at a later date, and the threat actor disappears long before the damage is done.

Of course, you can move the cartoon analogies away from Disney movies and find cyberattack lessons in virtually any cartoon you enjoy. A day in the life of Bart Simpson, for instance, is like the man-in-the-middle attack; he eavesdrops on his victims and then wreaks havoc.

Security decision-makers may even relate to the story of Wile E. Coyote and Road Runner. Road Runner is always one step ahead of Coyote — the bird sometimes even mocks him after another attempt at containment fails. Cybersecurity sometimes feels like this. Even if all of the elaborate tools and strategies are deployed to catch threat actors before they attack, they sometimes elide our efforts regardless and stick out their tongues when they’re finished. Still, we must carry on and do our best next time.

The Hero Saves the Day

Using Disney villains (or any cartoon or pop reference) as a way to engage and teach people about cyberattacks is part of a greater movement looking to use fun methods to improve training retention and attention. Gamification is growing increasingly popular in security awareness training. People who play video games love competition and earning rewards, so gamifying security education can bring that sense of healthy competition into the workplace for the better.

But as fun as the gaming and competition can be, it’s not for everyone. All employees retain information through different methods. For some, it takes hands-on action and competition for rewards. For others, it takes a visual connection or drawing comparisons between favorite movie scenes and specific real-life scenarios. It may take a combination of these methods to address cyberthreat mitigation across the board.

For example, Vectra, an AI-driven threat detection platform, created its own cartoon characters (to avoid any copyright issues) and uses them as a security teaching tool. It employs villains to personify the phases of the attack life cycle — command and control, internal recon, lateral movement, data exfiltration and botnet monetization. Of course, the superhero, Cognito, comes in to save the day.

This point is perhaps the most important takeaway regarding the ongoing fight for cybersecurity: While the villains are driving the bad action and causing the cyberattacks, in the end, the hero must always come through to save the day. The more your employees know about cyberthreats, the more heroes your organization will have.

 |  |  |  |  |  |  |  |  | 
Sue Poremba

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature