AIG’s Immersive Platform is designed to create realistic simulations that help organisations train their employees to recognise and respond to various security threats. Below, we outline several example scenarios that can be integrated into the platform to prepare employees for potential risks and ensure robust security protocols.
In this scenario, we explore the actions of an insider within the organisation who leaks sensitive information, either with malicious intent or to gain notoriety. Imagine an employee who has access to upcoming product details and decides to share this confidential information with external parties before the official release. This act can severely damage the company's competitive edge and reputation. The objective of this scenario is to train employees to detect and report suspicious behavior, understand the importance of maintaining information security, and take measures to mitigate the risk of internal threats.
Here, a bad actor gains physical access to the workplace by tailgating, which involves following an authorised person into a secure area without proper authorisation. Once inside, the bad actor seeks out a vacant and unlocked computer to access sensitive information and install a backdoor into the organisation's infrastructure. This scenario emphasizes the importance of physical security measures, such as keeping unauthorised individuals out of secure areas and locking unattended computers to prevent unauthorised access.
This scenario involves a bad actor who convinces office workers to perform an innocent-seeming action that results in granting backdoor access to the bad actor. For example, the bad actor may leave a USB drive labeled "Confidential" in a common area, hoping that an employee will pick it up and insert it into their computer out of curiosity. This action could then install malicious software that provides the bad actor with access to the organisation's systems. The objective is to educate employees on recognising and avoiding baiting attempts and establish protocols for handling suspicious requests or items.
In this scenario, a bad actor convinces a worker to perform an action that grants access to information or systems in exchange for a perceived benefit, such as a gift or a favor. For instance, an attacker might offer an employee a free software license in return for access to a company's database. The scenario highlights the dangers of quid pro quo situations and the importance of adhering to company policies regarding information sharing and avoiding external incentives that could compromise security.
This scenario focuses on bad actors creating elaborate stories over several interactions to build a profile of the worker or organisation, ultimately gaining access to secure systems. The bad actors might send emails posing as trusted colleagues or clients, gradually extracting sensitive information through seemingly harmless questions. Employees are trained to identify and respond to phishing and pretexting attempts and to verify the authenticity of communications and requests to prevent unauthorised access.
In the final scenario, bad actors target workers across the organisation with curated communication, hoping they will access a compromised website or open a file attachment that installs malware. The attackers might send personalised emails with links to fake websites or attachments that appear to be legitimate. The objective is to educate employees on recognising suspicious emails and links, the importance of secure browsing practices, and the protocols for reporting potential malware threats to maintain a safe and secure work environment.
By incorporating these scenarios into training programmes with AIG’s Immersive Platform, organisations can better prepare their employees to recognise and respond to various security threats. This proactive approach to training helps to mitigate risks and ensure a secure working environment.