You’ve probably heard of this Pokemon Go thing. We recently featured the game in our latest newsletter, and have since been running around like PokeManiacs trying to catch ‘em all. While discussing our Komand group strategy (Yes, we’re playing as a team 😅), we couldn’t help but notice parallels between Pokemon Go and cybersecurity. In particular, we see strong correlations between gym defense and cyberdefense.
For those that aren’t privvy, the goal of Pokemon Go is to collect and train as many Pokemon (cute “pocket monsters” ❤️) as possible, and to claim gyms in the name of your team. There are three teams: Instinct, Mystic, and Valor (we’re split between Mystic and Valor here at Komand). Gyms are located at major landmarks and are a target of never ending attacks.
The three teams are constantly battling it out to own and defend a gym. How exactly do you defend a gym? You leave your trained Pokemon, the defenders, to protect against adversaries. As you can imagine, it’s a great feat to keep a gym within your team’s control on a daily basis.
Here’s where the parallels come in.
1. Adversaries are everywhere, and you don’t know when they’ll attack
Similar to cybersecurity, there are strong adversaries all around. But you have no idea who they are, what they’re capable of, and when they’ll attack. It’s easy to assume the strong will always prevail, but that’s putting all your exeggcute in one basket.
It’s important to accept this constant threat. Don’t assume it can’t happen to you, and don’t cower in the face of the unknown. Instead, prepare your defenses for the inevitable: a full-scale barrage from your adversaries. Their goal? Compromising your defenses, and taking your goods for their benefit.
2. Intel and research will help bolster your defenses
As mentioned before, the strong don’t always win and you don’t always know who will attack. But based on the threat landscape, you can make some educated guesses.
Take a survey of the most prominent Pokemon in your area. Assume others have also caught and raised those Pokemon to stronger and evolved versions, and have similar capabilities as you. These can and most likely will become your attackers.
You should also audit gyms in your team’s control to identify current defenders. What are your strengths? What are your weaknesses? Study the lineup of adversarial gyms, as well. What are their strengths and their weaknesses? More on this one later.
Finally, think about when gyms are most likely to be attacked. High traffic periods, such as lunch hour and rush hour, bring the potential for more adversaries ready to attack. But that doesn’t mean attacks can’t happen during lulls, either.
Understanding your attackers is key here, which leads me to my next point...
3. Put the right defenders in place for the job
Knowing both your strengths and weaknesses as well as your adversary’s is crucial. When examining your adversary’s lineup, think about how your defenders match up. In the game, are CP’s (combat power) close in range? What type of Pokemon do they employ (Water, fire, thunder, normal, etc)? Are they stronger with attack or defense?
Whatever the case, you should build a diverse lineup that rivals the other team’s. Take advantage of their weaknesses, and put in place Pokemon that are strong against theirs. It’s not always about combat power. As is the case in cybersecurity, brute force doesn’t always win in the face of good strategy.
But keep in mind: adversaries can also gather intel on your team and take advantage of your weaknesses, too. So...
4. Test your defenses early and often
When playing Pokemon Go, it is suggested that you travel to your team’s gyms to test and grow your own strength and experience. But this concept can also work in the reverse.
If it’s easy for you to defeat the members of your gyms, it will likely be easy for an adversary to defeat you and your members, too. So train up and prepare your defenses! Make your defenders stronger by testing against fellow team members. Strategically place strong and diverse Pokemon at the gym to beef up security. Rinse, repeat.
Like in real life cyberdefense, there is no replacement for experience. So keep testing your team’s defenses while growing your own offense.
5. Defense is a team sport, and you’re stronger together
Given the possibility of attack at any time, members of each team need to support one another, whether you know them in person or not. In the game, you’re constantly encouraged to join your gyms’ defenses and add strong Pokemon defenders of your own to hold down the fort.
Essentially, everyone is responsible for defense, and it is a team effort.
You can’t lonewolf-it long term, and you need to trust your fellow members. This is a valuable lesson that anyone can take away from the game, but especially those of us in security. We’ve mentioned before that we’re big believers in security ownership across the board, but Pokemon Go exemplifies this concept in everyday game play.
Keep calm and catch ‘em all
We realize that Pokemon Go is just a game, and this brief guide simplifies the real world complexities that every organization faces with cybersecurity. Regardless, these are still good high level lessons to learn from all while having fun (and hopefully not walking into a military base just to find a Pikachu).