Use this view live with players instead of consulting the separate cheatsheet.
Blocked 2 attacks this round:
The controller upgrade has really helped the business. It’s more secure, provides better visibility, and the team are confident in its reliability. Any issues from the earlier suspicious visit have been effectively neutralised. Operations continue as normal. Share price holds strong.
By now, the pattern is painfully familiar. Another wave of malicious traffic hits and once again, there's nothing in place to stop it. Office systems crash. The plant network buckles. Staff sit staring at frozen screens for the third time this quarter, and IT are running out of ways to explain why the same problem keeps happening. The board is asking uncomfortable questions about why basic network defences still haven't been implemented. Clients and partners are losing patience. The share price doesn't just dip this time - it nosedives.
Could have been prevented by: Firewall (Office), Firewall (Plant)
The phishing kiddie attacker has evolved. Using freely available AI tools, they begin generating highly convincing phishing emails at scale - each one personalised, well-written, and near-indistinguishable from genuine internal communications. Employees across multiple departments are targeted simultaneously. The sheer volume overwhelms IT's ability to respond, and several more sets of credentials are compromised before the campaign is even identified. Business operations grind to a halt as systems are locked down for investigation. The board demands answers. The share price plummets.
Could have been prevented by: Security training
Data from the office server is found for sale on the dark web, including sensitive company information such as emails, HR records, client contracts, and banking details. The breach becomes public, leading to significant reputational damage and a sharp drop in share price.
Could have been prevented by: Server Upgrade, Database Encryption
As it turns out, the previous anomalies in the plant database weren't random. The Mafia has been changing the entries to affect the share price. The business is now being investigated for insider trading - it should have gotten encryption on that database!
Could have been prevented by: Database Encryption
An employee's laptop is stolen from a car. It contains unencrypted client data and internal documents. Regulatory notification is required and share price suffers lightly.
Could have been prevented by: PC Encryption
These events occurred but had no share price impact this round.
Your network is being actively explored. The layout is known, the weak points are visible, and the next step wouldn’t be guessing – it would be choosing the easiest way in.
A random USB stick is found - a staff member claims this as their own and goes to plug it in. After 10 minutes of trying all ports on their computer, they realise it doesn't work. From internal alerts, the IT team finds out that someone plugged in an unauthorised USB stick. The staff member is warned of the risks, but thankfully nothing happened!
Review the full game summary after this critical failure.
View Round Summary