Awareness through play: DOGANA cards game

Written by Cyrille Martins, THALES

Advanced persistent threats (APT) usually start with a compromise phase, to penetrate a target organization’s network and gain a foothold in the environment. This phase targets the organization’s individuals, making use of social engineering skills to exploit human vulnerability, gain people trust, and get knowledge on the best way to hit the organization.  But while everybody can be a potential breach for an attacker, everybody cannot be a cybersecurity expert. Then, how to make people aware of this kind of attack and realize the criticality of the slightest information they disclose, in a way that will entertain them and that they will remember?


Play the role of the attacker

DOGANA cards game is an educational board game, developed by Thales, teaching its players how an effective attack on a company system can be performed thanks to gathering information on target employees. It is playable between 2 and 6 players, who take the role of hackers that share the same target and play the one against the others in order to be the one to bring down the company system.

The objective of each player is to complete its mission before the others. A mission consists in 2 technical attacks to perform on a target company system. A technical attack can be performed by gathering enough information about the company system itself or personal and professional information on its employees, with always some probability of failure depending on the amount of gathered information (the more useful information is gathered, the more likely the attack will succeed). Moreover, each succeeded attack leads the company to reinforce its defences and make the next similar attack more difficult to perform. The first player to complete its mission can claim its victory. In order to progress in the game, players collect actions to play each turn that consist either in information gathering through social engineering attacks, or in player interactive actions in order to block the progression of the other players.

By enabling the players to take the perspective of hackers, the game provides an opportunity to understand how accumulation of small and seemingly insignificant information can finally lead to an effective and severe attack on their company system. By involving randomness in the realization of the attack, the game highlights that no technical attack can be guaranteed and that the required information and the moment of the attack must be carefully selected. Finally, by enabling the players to interact with each other, the game does not only focus about the educational message but also becomes fun to play.


A game for dummies

DOGANA cards game’s gameplay relies on the usual APT mechanics, without focusing on the realism of the actions performed by the players, but accompanied by anecdotes to illustrate their meaning and match them to real past cyber-attacks. The game is for those that have no particular cybersecurity knowledge and aims to teach them how this kind of attacks could have been harmful in the past, and make them think how in their daily work they may be confronted to such actions.

DOGANA cards game has been early adopted within internal Thales training programs, through a generalist professional awareness program about cybersecurity.


Present with Thales in cybersecurity events

In 14th November 2017, Olivier Bettan and Cyrille Martins (Thales) presented DOGANA cards game within Thales stand of Forum Cybersecurité in Paris , a French recruitment forum dedicated to cybersecurity and cyber defence jobs. Besides Thales, this event gathered around 700 job candidates and 200 professional contributors from several main cybersecurity actors like Airbus, Atos, Directorate General of Armaments, National Cybersecurity Agency of France, Naval Group, Orange, and many others, allowing them to strengthen their brand in the ecosystem and recruit new employees.



by Cyrille Martins (THALES)

This project has received funding from the European Union’s Horizon 2020 Research and Innovation programme, under grant agreement No. 653618




The DOGANA phishing videogame

Want to try it?
Read more here and contact us


Phishing: awareness through play

Want to try it?
Read more here and contact us


Contraband pixels and texts
Read all about our liteary-graphic competition on phishing and social engineering

All the pictures and novels