Let the "madness" begin! The NCAA Basketball tournament is different for everyone. Some experience madness after a gut-wrenching triple overtime victory by their alma mater, while others experience it after a buzzer-beater shot from half-court by a 16th-ranked Cinderella underdog that instantly knocks out one of their final four selections. However, to me there is nothing more maddening, in the delightful sense of the term, than watching the facial expression of a die-hard college basketball fan, who leveraged their proprietary big data analysis and game theory modeling to artfully compose their “bracket” masterpiece, when they realize they just got absolutely crushed in the office pool by the always cheerful and innocent coworker who made their selections by comparing the teams’ mascots. (Oh, and this happens more times than you think!)
For corporations and organizations, the madness tends to center on balancing the positive team-building benefits and support for the cultural festivities against the lost productivity, misuse of resources, and potential security risks. In fact, the global outplacement consultancy Challenger, Gray & Christmas, Inc. projected that close to 77 million workers participated in office pools in 2023, spending their work hours completing brackets, streaming games, and checking scores, which resulted in $17.3 billion of lost wages (up one billion from the prior year) for employers.
Embrace the madness...
While these reported participation and cost numbers seem shocking, the guidance quickly shifted toward the view that organizations should not look to suppress the madness but embrace it, because of its long-term impact on employee morale, loyalty, and engagement. Therefore, in the spirit of embracing the madness, we believe cybersecurity professionals should take this opportunity not only to test their own wit and skills, but to gamify the measurement of the impact on their own organization.
"March Madness" Challenge
The "March Madness" Challenge is a multi-analyst cybersecurity simulation experience designed to measure an organization's readiness to detect critical “March Madness” activity and potential threats.
The challenge starts by setting your Secure Email Gateway appliance, Secure Web Gateway, or Adaptive DLP solution in 'monitor' mode with “March Madness” policies to track and trace all related activity, potential threats, and information sharing that occurs in and out of the corporate network.
Score your ability to detect the following “March Madness”-classified events:
- 500 Points - NCAA Tournament Bracket form accessed from a major sports website
- 500 Points - NCAA Tournament Bracket form detected entering or leaving your network
- 300 Points - Hidden information in an attachment's metadata, including the individual, user name, and organization that created or updated the document, that could be harvested or used for a phishing attack
- 300 Points - Active content hidden in inbound brackets or scorecards simulating malware or ransomware triggers
- 200 Points - Channel type used for Bracket distribution: email or webmail, social media, or cloud app
- 100 Points - Each 15 minutes of video streaming of live or on-demand games
- 100 Points - Social media March Madness “smack-talking” posts; score according to appropriateness
- 50 Points - Viewing of popular online sports news or betting websites
Tips and Tricks
Champion scoring - To score the most points, be sure to intercept all data and analyze it for “March Madness” information, leveraging full and partial fingerprints of the data and one-way hashing algorithms so the original data cannot be reverse engineered from the fingerprints.
Go Undetected - In the spirit of the game, and to avoid the appearance of “Big Brother,” you can give your scorekeeper access similar to that of a Compliance Officer or IT Auditor in a traditional information governance implementation, who can oversee and keep score of the activities and information detected in traffic flows without being able to read the content itself.
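A sketch of the full and partial fingerprinting described in the two tips above, added here as an illustration and not taken from any Fortra product: the index holds only keyed one-way digests, so a scorekeeper can count matches without reading content. The HMAC key, the five-word window, the 0.3 threshold, and all sample text are assumptions made for the example.

```python
import hashlib
import hmac
import re

KEY = b"constructed-demo-key"  # assumption: per-deployment secret, not from the article
SHINGLE_WORDS = 5              # assumption: window size for partial fingerprints

# Constructed sample data.
BRACKET = ("Office pool bracket: East region final picks Team A over Team B, "
           "West region final picks Team C over Team D, champion Team C, "
           "tiebreaker total points 141")
EXCERPT = ("fwd: beat this! West region final picks Team C over Team D, "
           "champion Team C, tiebreaker total points 141 lol")
UNRELATED = "Quarterly sales report attached for review before the Friday meeting"

def _words(text):
    # Normalize case, punctuation and whitespace so reformatting does not defeat a match.
    return re.findall(r"[a-z0-9]+", text.lower())

def _digest(tokens):
    # Keyed hash: short, guessable phrases cannot be brute-forced without the key.
    return hmac.new(KEY, " ".join(tokens).encode(), hashlib.sha256).hexdigest()

def full_fingerprint(text):
    return _digest(_words(text))

def partial_fingerprints(text, k=SHINGLE_WORDS):
    words = _words(text)
    if len(words) < k:
        return {_digest(words)} if words else set()
    return {_digest(words[i:i + k]) for i in range(len(words) - k + 1)}

def register(text):
    # Only digests are kept; the registered content itself is never stored.
    return {"full": full_fingerprint(text), "partial": partial_fingerprints(text)}

def classify(index, observed, threshold=0.3):
    if full_fingerprint(observed) == index["full"]:
        return ("full", 1.0)
    hits = partial_fingerprints(observed) & index["partial"]
    coverage = len(hits) / max(len(index["partial"]), 1)
    return ("partial" if coverage >= threshold else "none", round(coverage, 2))

if __name__ == "__main__":
    index = register(BRACKET)
    for msg in (BRACKET.upper(), EXCERPT, UNRELATED):
        print(classify(index, msg))
```

Coverage here is the share of the registered document's windows seen in the observed message, so a short quoted excerpt buried in a longer email still registers as a partial match.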
Collect Your Prize
Finally, to be declared the “March Madness Challenge Champion”, you have to perform a final after-the-fact analysis of all activity and shared information flows to detect all sources and exposure of critical “March Madness” information.
"Game Over" Summary
As fun as this might be, we don’t actually expect any cybersecurity professional to participate in such a challenge on their corporate network. However, we do believe all organizations should have similar visibility to track and trace critical information and the capability to prevent it from leaving their organization.
Or, if you are looking to teach your employees good email usage practices, consider Fortra's Terranova Security Gone Phishing Tournament, co-sponsored by Microsoft and offered every October.