



Pokémon Go’s strategy could thwart cybersecurity threats

Aug 09, 2016 | 3 mins
Cyberattacks | Cybercrime | Internet Security

The specific motivations behind a targeted hack are what let it win the game against an organization’s layered defense systems, no matter what sort of technology or threat intelligence the organization uses

By now most people already know that Pokémon GO is a free-to-play iOS and Android AR game that uses physical location as its core gaming mechanism. User location data is used in two ways: a) the gamer’s avatar is represented on a simplified virtual map of his or her location, and b) when a Pokémon character (a cute creature) is nearby, the user’s smartphone camera can be used to scan the nearby area to find and catch the Pokémon. The game also provides places known as Gyms, at local landmarks and popular public areas, where players can battle each other.

Why doesn’t the security industry develop a similar technology to track and hunt for cybersecurity threats and adversaries?


Today, targeted hackers are ahead in the game of cybersecurity, winning too often by circumventing even the layered defense systems of enterprises fenced with the latest and greatest technologies. Organizations are therefore under intensified pressure to develop better threat protection and detection capabilities. The industry now needs to work on game-changing ideas that arm its technology and skills to produce actionable intelligence and to hunt effectively and efficiently, rather than waiting for another hack to happen.

We need innovative ideas and thinking to go after cyber attackers the way Pokémon GO players venture into private and restricted areas, trespass on property belonging to businesses, and even cross borders to capture the creatures. The popular game instructs players to explore their surroundings to collect Pokémon, and it projects digital images of the cute creatures into the real world.

We need this sort of cybersecurity threat hunting strategy to develop technology and solutions that eliminate cyber adversaries, their infrastructure, and their presence no matter where they are: in a Starbucks store, on the road in moving cars, inside enterprise business infrastructure where they have hacked into systems and are performing lateral malicious activities, or across states and countries.


Enterprises are using technologies and solutions like advanced threat detection, threat intelligence sharing with industry and partners, machine learning, and even artificial intelligence, but these do not seem to help much in creating fences to stop the hackers.

Various cybersecurity reports indicate that cyber attackers are winning the game. For instance, AT&T’s latest cybersecurity insights report shows that 62 percent of organizations acknowledged they were breached in 2015. The report further adds that 42 percent of those organizations suffered a significant negative impact on the business.

In another instance, specifically designed malware penetrated the Democratic National Committee (DNC) network to hook into system drives, access LDAP servers, and maintain a persistent connection to a specified IP address behind the firewall, research reports say.

These reports show that there are specific motivations behind any targeted hack, and these make the attackers successful against an organization’s layered defense systems no matter what sort of technology or threat intelligence the organization uses to protect against and detect cyber threats. So it’s time to develop technology modeled on the Pokémon GO strategy to go after these bad guys and hunt them until their infrastructure and command-and-control systems are destroyed across states and international borders.


Ajay Kumar is an information security and risk management consultant with more than 15 years of experience in various industries. Ajay has predominantly worked on initiatives involving enterprise mobile security, cybersecurity, data protection and privacy, security operations, security analytics and identity and access management.

The opinions expressed in this blog are those of Ajay Kumar and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.
