Breaking down cybersecurity best practices one castle wall at a time

It’s not a situation Marilyn Gallagher-Crawford is accustomed to, but last week the councillor for Ajax Ward 1 found herself fending off a small army of foot soldiers trying to penetrate her castle.

As the Queen and one of the primary decision-makers of the medieval base, ensuring the castle wasn’t breached was one of her main responsibilities. But she made mistakes, she said. Those foot soldiers rushing the southern wall weren’t met with the proper defenses. Instead, the majority of the castle’s defenses were aimed at the draw bridge out front, where another wave of attacks was taking place.

The draw bridge attack turned out to be a distraction. The absence of trained professionals guarding the back door turned out to cost the castle its keep.

“If I were to do it again, I would do things a lot differently,” Crawford told IT World Canada.

Crawford was one of nine participants in the “Breach the Keep” event at Durham College Dec. 2. The event, organized by information security advisor Michael Ball and students from the college, is the early version of what Ball hopes to be a series of tabletop games for business and public sector leaders seeking a different set of lens to learn about cybersecurity best practices. Crawford was the only councillor on site but was accompanied by other community leaders and tech enthusiasts.

Inspired heavily by the popular Dungeons and Dragons tabletop games, Breach the Keep is an early version of a packaged product Ball hopes to get off the ground in the coming months.

Ball has multiple scenarios wrapped around the medieval aesthetics that thrust participants into one of several unique circumstances under which they have to navigate a growing threat – or threats – and defend critical data, represented by the castle’s keep.

Michael Ball breaks down the rules of the game during the Breach the Keep event in Durham College. Photo submitted.

“The moat just outside the castle walls represent an intrusion prevention system. The wall itself represents a firewall. The four corners of the castle have a watchtower, representing intrusion monitoring. And all of these layers defend the keep – the data and other critical systems, which you want to protect,” Ball explained.

As the Dungeon Master, which is essentially the game’s narrator, Ball is confident this new spin on cybersecurity awareness training will stick with participants. It’s rare when these types of tabletop games address multiple angles of cybersecurity simultaneously.

“I’m pretty happy with it right now,” he told the publication, adding the game is currently what he would describe in beta stage. “It’s interesting how easily a breach scenario maps onto [a medieval castle].”

While Toronto largely dominates the spotlight when it comes to Canada’s growing tech hubs, the Oshawa region just outside the city is quickly becoming a landing pad for incoming talent.

A recent report from real estate services firm CBRE notes that Toronto’s tech talent pool grew by 54 per cent between 2013 and 2018 to reach 228,500, but the annual ranking saw Hamilton, Ont., crack the top 10 for the first time, while Oshawa went up by two to rank number 12.

The April opening of an innovation accelerator, known as “1855 Whitby” in the former provincial land registry office in the Durham region near Oshawa is expected to boost the region’s innovation chops by attracting new talent.

Matching this growth is a heightened sense of cyber awareness, as news of breaches impacting the area’s municipalities, school boards, and hospitals shows no sign of slowing down.

Crawford referenced a successful phishing scam earlier this year that cost the City of Burlington CA$503,000. More recently, the town of Woodstock Ont., confirmed that the ransomware attack it sustained in September is set to cost the municipality more than $667,000. According to local reporting, the town didn’t even pay the ransom, but the damage was still significant.

These types of stories, she said, keep her up at night. Investing more into cybersecurity, and more importantly, understanding where the municipality’s gaps currently exist is top of mind for city staff outside of the IT department. Hearing more about these types of attacks in the news has put city councillors on high alert as well, indicated Crawford.

One of the things Crawford learned about during the Breach the Keep exercise was just how sneaky threat actors can be, and when they combine that stealthy activity with sophisticated malware, the result can be overwhelming.

“[$503,000] is an astronomical amount,” she said. “The money you put into cybersecurity today could, in fact, save you an incredible amount of money in the future.”


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Alex Coop
Alex Coop
Former Editorial Director for IT World Canada and its sister publications.

Featured Story

How the CTO can Maintain Cloud Momentum Across the Enterprise

Embracing cloud is easy for some individuals. But embedding widespread cloud adoption at the enterprise level is...

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.

Featured Tech Jobs