The Poisoned Pawn: a cybersecurity metaphor
In a game of chess, one of the main strategies to combat an opponent is to predict their moves and intentions. In our daily digital life, knowing the methods and goals of cybercriminals is also one of the best ways to identify and avoid traps.
Chess and technology have several characteristics in common, such as the complexity and rationale behind the various ways of winning a game or creating a system. For this very reason, it is common to find IT professionals who are chess players or enthusiasts, as well as chess players who are interested in the world of technology.
The Perallis team is aware of this relationship and considers chess another opportunity to popularize the concepts of cybersecurity - and the Poisoned Pawn proved to be a great move for the initial metaphor of this partnership.
The poisoned pawn is a type of move in which a player, using the white pieces, allows a pawn to be taken by the opponent, hoping that by capturing the piece the opponent will be exposed to a more serious attack. The Queen's Gambit is a type of poisoned pawn.
But what does cybersecurity have to do with this? Well, a lot! As the Chess Master, Rafael Leitão, explains:
"Prophylaxis is the most important concept in chess. It is the action of trying to understand what your opponent is thinking. From the moment you know what your opponent is thinking, he can no longer surprise you. So, you have to learn how to do this in chess, in cybersecurity, in your life: put yourself in the other person's shoes and try to understand what he or she is thinking. In cybersecurity, you can determine, for example, whether information you are giving is dangerous or whether it is simply necessary."
Following this line of thinking, we can say that, in chess, only a well-prepared and attentive player is able to identify traps and act safely. And this metaphor applies perfectly to our lives, particularly to the part we spend online.
Cybersecurity is more about people than about the code
A recent study has shown that about 98% of cyberattacks depend on social engineering. This means that to be effective they need the action of a human being; they need someone to make the final click and fall into the trap. And do you know what the first step to defending yourself is? Be informed!
A chess player cannot avoid poisoned pawns if he or she does not know how to identify them. In the same way, we, digital users, cannot avoid traps if we do not know that they exist, how they work, and how to identify them. In chess, the dispute is not between the pieces; it is between the people who control them. In the digital world, the most experienced cybercriminals are not simply manipulating code; they manipulate the people who have access to it.
As well explained by Rafael Leitão, the process of understanding and predicting the actions of the opposing chess player is called prophylaxis. In the digital world, we can call this prevention cybersecurity culture. The basic tip to protect yourself, both in the game and in life, is: if it seems too good to be true, be suspicious.
Applying prophylaxis to cybersecurity
To create traps, criminals usually use things that mess with our heads, such as the sense of urgency, the sense of opportunity, and the sense of danger. So when you receive e-mails or messages with these characteristics, the tips are:
- Reread the content carefully. Look for inconsistencies and even grammatical errors;
- Check the sender. Remember, companies have personalized email addresses. Amazon, for example, would never use an email address such as "amazon@gmail.com", but something like "contact@amazon.com";
- Google the sender's email address or even some of the content you received. If it is a scam, it is common to find people or news stories that mention this.
When we consider a company's cybersecurity, which is even more complex than for individuals, we find another relationship with the chess world.
In the game, a mistaken strategy or a careless move can lead to an irreversible situation, to defeat. The same can happen with cybersecurity. It is practically impossible to reverse the damage caused by successful attacks, because:
- Once the data is leaked it is never considered secret again;
- It is even harder to find and punish the cybercriminals;
- And the bad publicity created for the affected company cannot be undone.
All these points show that, in both chess and data security, the best way is prevention and being informed.
If you run a business, aim to educate your staff on how cybercrime works and to create a culture of cybersecurity that permeates the entire team. You can learn more about how to do this at the Hacker Rangers website, which teaches cybersecurity through a gamified platform that encourages engagement.
And if you are interested in chess and the game's relationship with technology, follow the Hacker Rangers social networks! New and interesting content is constantly being published there.
Article translated from: Peão Envenenado: uma metáfora de cibersegurança — Perallis Security