Agent Surefire

Agent Surefire is an immersive Information Security training simulation in Serious Games format raising employee awareness and “buy-in” on information security best practices. It is designed to effortlessly bridge daily experience with the methods of securing sensitive information. The engaging game-based content delivery allows learning by trial and error, situational awareness, immersed decision making, by way of identifying violations in a realistic office simulation.

Ultimately, a boring, even punitive training becomes fun, creating unmatched employee participation in cybersecurity and information security awareness.

The goal of the game is to create employee awareness in recognizing their essential role in safeguarding sensitive information inside their office environment.

Cybersecurity Awareness Problem

The facts are in plain sight: The strongest cybersecurity systems cannot provide fully effective protection against all cyber attacks. This is not because they are inadequate, but because many aspects of current systems rely on the users and their decisions. This is known as the Human Factor. Greater than half of the reported breaches in 2010 were caused by unintentional mistakes made by the employees . A majority of breaches could have been avoided if some of the most common mistakes were not made.

Attackers choose the path of least resistance and build an attack plan on the information they gather through the unintentional vulnerabilities created by the workers. Contrary to common belief, most major breaches are not isolated one-time events. Instead the attackers carry out multi-stage attack plans:

• Gather information
• Figure out a way to secretly install a backdoor access to the system
• Build the backdoor
• Using the backdoor, steal information in undetectable packages.

The vulnerabilities created by daily activities in the work environment are in both electronic and physical settings. Building critical thinking skills and ability to recognize patterns are two key elements in protecting our assets against the ever-evolving security threats.

Death by PowerPoint

Many organizations either have a limited cyber awareness training program or worse, non at all. The typical medium to large business will offer some form of internal training once a year which consists of a set of PowerPoint slides. Employees are asked to review the material and state they completed the training. In no way does this build a strong awareness of anything other than the "check the box" mentality. This style of awareness training is punitive and almost worthless toward improving the cybersecurity posture of an organization. What is needed is a non-punitive, fun and engaging learning program that allows the learner to be in control and that places the learner in an environment that actually allows them to fail and succeed.

The Solution – Agent Surefire

Traditional training has its value however, to ensure a deep and continuous awareness of the essential cybersecurity threats learning must create; a hands-on, non-scripted experience inside a realistic environment that fosters situational awareness, complex decision making and attention to details.

Imagine rather than sending out PowerPoint slides or asking folks to review a short video on cybersecurity awareness if you were able to immerse them in a game in which ‘they’ are the special agent. As the lead agent the participant can move through realistic environments, find clues and violations and tag and identify what level of violation exists. The player’s findings are timed, actions recorded and responses and decisions captured as metrics against the cybersecurity policies of your organization. Now you can use this data to ensure compliance and now cybersecurity awareness training is fun and engaging and not punitive.

Organizationally you now can create learning environments quickly, cost effectively and report the desired activities. Agent Surefire with it’s MAVI engine allows your organization to:

• Build Fast
• Deploy Everywhere
• Report on Everything