Use this view live with players instead of consulting the separate cheatsheet.
The office firewall detects a sudden spike in suspicious inbound traffic and automatically filters it out. Staff may notice a brief moment of sluggishness, but services remain fully available and work continues uninterrupted.
The server upgrade has gone very well - systems are stable and performing reliably. The team are very happy, and file management feels much snappier. Share price holds strong.
Blocked 2 attacks this round:
An individual shows up at the plant claiming to be there for urgent controller maintenance. High-vis, tools, the lot. His details don’t check out. He’s refused entry and leaves the site. CCTV and access logs capture the whole interaction, confirming no systems were accessed and the incident is contained.
The phishing kiddie attacker has evolved. Using freely available AI tools, they begin generating highly convincing phishing emails at scale - each one personalised, well-written, and near-indistinguishable from genuine internal communications. Employees across multiple departments are targeted simultaneously. The sheer volume overwhelms IT's ability to respond, and several more sets of credentials are compromised before the campaign is even identified. Business operations grind to a halt as systems are locked down for investigation. The board demands answers. The share price plummets.
Could have been prevented by: Security training
As it turns out, the previous anomalies in the plant database weren't random. The Mafia has been changing the entries to affect the share price. The business is now being investigated for insider trading - it should have gotten encryption on that database!
Could have been prevented by: Database Encryption
An employee's laptop is stolen from a car. It contains unencrypted client data and internal documents. Regulatory notification is required and share price suffers lightly.
Could have been prevented by: PC Encryption
These events occurred but had no share price impact this round.
A random USB stick is found - a staff member claims this as their own and goes to plug it in. After 10 minutes of trying all ports on their computer, they realise it doesn't work. From internal alerts, the IT team finds out that someone plugged in an unauthorised USB stick. The staff member is warned of the risks, but thankfully nothing happened!
All four rounds are complete.
View Full Game Report