Originally introduced in 2004 as a videogame simulation spinoff, an escape room is a game where teams collaboratively piece together clues, solve puzzles and riddles in order to get out of a room in a given period of time. Time is of the essence, and it is critical that team members work together to win.
As escape rooms have surged in popularity, it has become increasingly interesting how the innerworkings, mimic, in many ways, the cybersecurity environment. IT leaders and their teams must grapple with the pace and evolution of the technological landscape as they are incessantly presented with new and unpredictable situations. And as in escape rooms, the answers are not always clear.
Six strategies can be used in escape rooms and cybersecurity environments that will increase teams’ odds for success. Although each environment is intrinsically different, how to think, what to do and the techniques to beat the clock are all very similar.
1. Select a diverse team
Escape rooms are challenging, and it is essential when assembling your team to select a diverse group of people with varying strengths, viewpoints and skills to think through complex and seemingly impossible scenarios. You will want to select team members that are exceptional problem solvers and analytical thinkers. The best teams are made up of people that have strong organizational, communications and creative thinking skills.
Similarly, in the cybersecurity environment, IT leaders have to build their teams based on a range of core competencies unique to their environment and industry. Automation and Artificial Intelligence (AI) skills are paramount in today’s cybersecurity environment, as well as expertise in cloud and data security, risk management and IoT. These are relatively new skills, and it is critical for leaders to encourage and offer IT training opportunities and certifications where skillsets are taught, applied and validated through testing to stay up to date with the evolving technological landscape. Likewise, leaders will need to continue to examine the skills across their team over time to understand weaknesses and hire new talent, with the requisite certifications and expertise, to fill any gaps. By selecting a team with an array of skills and keeping the team members up to date on the latest skills in security, leaders position their teams to better defend the organization and protect against cybersecurity threats.
2. Become immersed in the environment
When approaching an escape room challenge, it is important for team members to familiarize themselves with the construct of the challenge and objects in the room. In an escape room, this literally means lifting and moving props, and assessing the contents in drawers or on tables prior to the game’s onset.
Similarly, in cybersecurity, understanding your surroundings is crucial. First, cybersecurity professionals need to understand the unique environment they are working in and be able to meaningfully monitor, create threat response mechanisms and recognize intrusions, should they occur. Each threat landscape is different and is contingent upon a business’ scope, operations, size and industry. There is no one approach that can be standardized across all.
Second, they have to thoroughly understand the greater threat landscape, and what is going on in the world around them. They should, for example, be versed in recent attacks, and how hackers succeeded to ensure that their own environments are not susceptible to like-risks. The greater threat landscape can be understood by keeping up with the latest cybersecurity news and engaging in continuing education opportunities through conferences, training classes and more.
Because the threat environment is continuously evolving as devices become smarter and more connected, leaders who prioritize and provide learning opportunities put their teams in a better position to succeed. Team round-table conversations, training, certifications and continuing education all help cybersecurity professionals stay ahead of new cybersecurity threats.
3. Divide and conquer
In an escape room, there will inevitably be tasks that are too challenging or time consuming for the broader team. In these instances, it is essential that team members understand the importance of specialization and how to divide and conquer. One of the advantages of having a diverse team in an escape room is the ability to play to each team member’s strengths.
Like in the escape room, it is sometimes necessary that cybersecurity teams tackle their work with a strategic, strengths-based approach. Networks have become so complex, and are evolving so quickly, no one person can see and address all of the threats that could potentially occur. And different cybersecurity team members come with different skillsets. For example, cybersecurity teams are beginning to rely heavily on automation to curtail threats, making software developers increasingly valuable. As they begin to create automated processes, network engineering teams can spend more time on strategic, proactive work instead of the reactive, troubleshooting tasks they were previously accustomed to. As the IT landscape continues to change, it will be critical that leaders leverage each team member’s individual strengths to divide and conquer. It’s also important that leaders help their team build new skills through rotational programs, mentoring, certifications and training.
4. Communicate across the team
Working in silos shuts down communication, and the implications of failed communication can be perilous. In escape rooms, it could cost the game. In cybersecurity environments it could cost valuable customer information or even damage to a business’ brand. Some of the biggest breaches ever recorded were the result of failed communication.
Communication breaks silos, builds trust, encourages sharing of best practices, yields creativity and solves problems. In an escape room, good communication can help your team piece clues together and connect the dots to progress to the next puzzle. In the end, good communication is the ultimate strategy that leads to successful escape. In cybersecurity, good communication can help your team successfully defend against a threat or create a risk mitigation strategy to keep the business safe. Careful coordination and good communication keep cybersecurity threats at bay and businesses secure.
Leaders can help facilitate a culture where communication is at the forefront by establishing and clearly articulating the team’s charter and mission in context and by offering educational opportunities like rotational programs. Both strategies reinforce the importance of communication across the team.
5. Keep a positive attitude
In an escape room, it is essential that team members work together and keep a positive attitude in the process of piecing together clues and solving puzzles. This is so important! It would be easy to get frustrated and give up. And in an escape room, a bad attitude could mean losing the game. In cybersecurity, it could mean much worse – a cybersecurity breach, loss of customer data, compromised systems or even physical harm.
In cybersecurity it is important for team members to have a good working relationship in order to successfully protect the organization from threats. This cannot be emphasized enough - team dynamics are crucial. If someone has a bad attitude on the team, it could cause major issues and possibly even cybersecurity vulnerability. So, it is critical that team members stay positive and work together to defend against security threats. You’re all working towards the same goal, after all.
When it comes to a positive attitude, it is really all about the people. Hiring the right people to work on a cybersecurity team is the first step. Leaders can set the right tone by communicating the team’s values, by providing opportunities for team members to connect on a more personal level, through events like team lunches, and through culture-based learning and training programs.
6. Think like a writer (hacker, malicious insider or cybercriminal!)
Escape rooms are filled with seemingly impossible challenges, and the clues, often, seem to have little to no context or relation. It is easy for teams to follow one track in solving a problem and fail to assess the situation from different points of view. My advice: think like a mystery writer.…or hacker, malicious insider, or cybercriminal. If you were an antagonist, in the cybersecurity world, what would you look for? Who would you target? What would your strategy be? These are the questions that IT teams must continuously assess.
There are a number of training and continuing education opportunities that provide this perspective. Likewise, teams can take part in online sandboxes and simulations to get a glimpse at how cybersecurity threats could appear. They can also hire companies to test their organization’s unique environments. Regularly validating security systems not only fends off attacks, but it also ensures that the team’s processes and systems are up to date.
Cybersecurity teams are constantly on the offensive: they have to be right 100% of the time, but hackers only have to be right once.
Although the scenarios and clues in each escape room are different, strategies for successfully getting out of the room are the same. Select a team with diverse strengths, get to know and understand the environment you are dealing with, play to each team member’s strengths, communicate with your team members, keep a positive attitude and think from multiple perspectives. These strategies are sure to get you out of the room, or in the case of cybersecurity, position you to defend your organization from cybersecurity threats and risks. And although each cybersecurity threat is unique, IT leaders can adopt a proactive approach to build a dynamic cybersecurity team able to identify and mitigate risk. There are several considerations to take into account, but among the most instrumental is creating and maintaining a diverse, inquisitive, efficient, collaborative and creative team. Considering these strategies, it is your turn to make an assessment. Does your team have what it takes?