Game 2: Threat Awareness

Malware Madness

Cloud Confusion

Insider Intrigue

Mobile Mayhem

Shadow IT Showdown

100

What is ransomware?

Malware that encrypts data for ransom

100

What is a cloud service?

Online platform for data storage and access

100

What is an insider threat?

Risk from someone within the organization

100

What is a risk of installing unknown apps?

Malware infection

100

What is shadow IT?

Use of unauthorized tech or apps

200

What is a Trojan?

Malware disguised as legitimate software

200

What is a risk of using public cloud services?

Unwanted data exposure

200

What is a sign of insider threat behavior?

Accessing data outside job scope, Bypassing security controls, Downloading large volumes of data, Using unauthorized devices, Unusual login times

200

What should you do before connecting to public Wi-Fi?

Answers may include dont connect to public Wi-Fi, or use a VPN

200

Why is shadow IT risky?

It bypasses security controls

300

What is the best defense against malware?

Regular updates and antivirus software

300

What is multi-factor authentication?

Using two or more verification methods

300

What helps detect insider threats?

Monitoring and access controls

300

What is a secure way to unlock your phone?

Biometric authentication, 6-digit password/PIN

300

What is a common example of shadow IT?

Using personal cloud storage for work, unlicensed software, unapproved messaging apps

400

What is a sign of malware infection?

Slow performance, Unexpected behavior, Frequent crashes, Unusual pop-ups, Unauthorized access attempts

400

What is a secure way to share files in the cloud?

Use encrypted and access-controlled links

400

What should you do if you suspect insider misuse?

Report to security or HR

400

What is a mobile device management (MDM) tool?

Software to secure and manage mobile devices

400

How can organizations reduce shadow IT?

Provide approved tools and training

500

What should you do if you suspect malware?

Disconnect and report to IT

500

What should you confirm before sharing sensitive data via a cloud platform?

That the platform uses encryption, access controls, and complies with relevant data protection regulations

500

What is a preventive measure against insider threats?

Answers may include least privilege access, DLP tools, background checks, and security reviews

500

What should you do if your phone is lost?

Report and remotely wipe data if no authenticator is used

500

What should you do if you discover shadow IT?

Report it to IT or security