Game of Thrones can teach you valuable security lessons

With new hacking techniques, malware, viruses and threats being created faster than Melisandre’s demon babies, the web is indeed dark and full of terrors. Here are seven lessons for security managers pulled straight out of Westeros.

1. Small things can become huge problems

In the age of big data, risk once deemed minimal may pose serious threats to companies concerned with keeping the information they’ve collected private, but that begins and ends within the companies and the parameters and protocols they have in place to keep data secure.

Nobody took the dragons or dire wolves seriously in the beginning of Game of Thrones, but by season 3 they were capable of wreaking havoc and wiping out armies.

Small issues can grow into serious complications if left unchecked.

Everything from employee access to information to the changing of passwords on a regular basis is uniquely important. Businesses are using mobile systems more often every day, but mobile security isn’t quite up to par with larger network security endpoints.

“I think it’s more dangerous in some ways with mobile systems than business endpoints do. Even home systems are better monitored to resist attack. Android has critical vulnerabilities,” said Gene Spafford, professor and executive director at Purdue University, Computer Software Consultant. “The trend is generally making mobile devices more powerful, all-purpose computer systems, so the threat increases.”

2. Faceless men are everywhere

Anonymous has become synonymous with a global network of hackers, connected through common causes, and faceless men attempting to breach network security is nothing new. Legislators are almost always one step behind, while cybercriminals and hackers are always looking toward tomorrow and how to breach the security of tomorrow.

Much like the faceless assassins of the House of Black and White, who approach their victims anonymously through seemingly friendly interactions (Season 5 Episode 2), cybercriminals make a common practice of seeking out and learning everything they can about a target before phishing for their information.

They may procure the information they seek by phishing for personal information via email, text messages and even phone calls. They will engage their victims slowly but surely taking each step as it comes, and using every bit of information given to their advantage in the retrieval of more.

While a skilled and more often than not lone hacker will often use their talents to breach the gates of companies and corporations alike for the simple purpose of retrieving information for the sake of access to information, networks of cybercriminals, or a particularly malicious individual will break into a network with the intent of interference, surveillance, counter surveillance, cyberlaundering, and the overall goal of bringing a company to its knees.

In the world of Game of Thrones, the Many-Faced God is a just god, who takes a life for a life. In the real world, faceless attackers have far more disguises at their disposal, and will use them to their advantage at every turn made available to them. While the ends differ, the means remain the same.

These days cyber-attacks are more common and becoming more sophisticated every day.

What they’re after isn’t always clear, but for every method used by cybercriminals and hackers seeking information, the implementation of new technology, hybrid cloud storage systems, data-splitting, cryptography and centralized storage databases is becoming the norm.

3. Walls of fire don’t always help

Modern firewalls are complex and take months to become familiar with, but even the most complex firewall is only software and by its very nature has defects. Unidirectional gateways block attacks from untrusted networks no matter what their IP address is, but without them, it’s easy to bypass firewalls with forged IP addresses, especially if someone has access to the same LAN segment as the network they're trying to breach.

In Game of Thrones, the seven kingdoms of Westeros are protected by a 700 foot, 300 mile wide wall of solid ice that was built by “Bran The Builder.”

It has magical spells woven into it to keep White Walkers out, but many of those spells have been undone by Bran Stark. Now the wall is just a wall.

Sometimes all hackers need to breach a firewall are the magic words.

Password theft is the easiest way to break into a network, and the methods attackers have devised to steal passwords have become far more devious.

Spear phishers use extremely convincing emails targeted at people with access to passwords and protocols. Encryption and two-factor authentication are practically useless against attacks from within a network, but unidirectional gateways block outside communication and attacks into plant networks.

4. Keeping your friends far and your enemies farther

Access to data by individuals within a network, or by trusted employees isn’t always safe. From Mark Abene and Julian Assange, to Chelsea Manning and Edward Snowden, people with access to networks can gather massive amounts of data with limited resources and small windows of time.

As seen on Game of Thrones, as Lord “Littlefinger” Baelish and Varys “The Spider” use their networks of information in the form of “Little Birds” to grasp and grip in the power struggle between kingdoms, even the weakest link can bring down, or at the very least contribute to the fall of kings.

In September of 2015, Morgan Stanley realized that 730,000 account numbers were stolen by an employee, who had been gathering account numbers over a period of three years and had them transferred to a private server at his home. It would be wise for companies with sensitive information to implement a “trust but verify” model, storing data in digital safes and secure data repositories, as well as developing and enforcing “need to know” policies among employees.

5. The dead can come back to haunt you

Many small businesses, midsize companies and even large corporations assume that once the hard drives on their computer systems are wiped, they can sell the computers or throw them away without worry, but as we’ve learned from Game of Thrones, dead doesn’t always mean dead. Some manufacturers’ ATA, IDE and SATA hard drive designs include support for the ATA Secure Erase standard, and have since the dawn of the 21st century. But research in 2011 found that four out of eight manufacturers did not implement ATA Secure Erase correctly.

If we’ve learned anything from Game of Thrones, it’s that death doesn’t always mean forever.

Much like Melisandre and Thoros use magic words to resurrect the dead, cybercriminals and hackers alike can resurrect data from sources long thought to be dead.

All data has value, and the retrieval of most trivial data from major corporations can be valuable to a company from its infancy to the big leagues.

Small businesses and midsize companies may not be concerned with hackers or intelligence agencies attempting to retrieve data from their hard drives after they’ve been wiped. Larger companies and corporations, however, would do best to ensure that data they want gone stays gone. The Gutmann method, a 35-pass overwrite technique, may be considered overkill by some, but it’s been tried and true for years and may work for years to come.

6. The iron price

The biggest issue among leading information security experts is a lack of understanding of cloud-based security. The vast majority of web-based companies put more of their financial resources into security software than they put into hardware and the people working for them. A trend among elite web-based companies in big data is hybrid storage; private cloud storage, hyperscale compute storage and centralized storage, all of which combine yesterday’s technology with the technology of tomorrow. The value of data continues to rise, while the value of human beings with access and control of data has remained stagnant.

From software to hardware, the cost of information security can be expensive, but it’s worth it. In Game of Thrones, Valyrian Steel is a rare commodity, but it’s one of the few things that shatter a White Walker into ice dust.

“It comes down to valuation and people’s understanding,” said Spafford. “If people better understood the cost involved. Centralized storage may cost more, but it comes down to valuation of the data. There are some things being tried by organizations using data splitting and cryptography, it requires extra processing and can be hard to audit. What is the real cost of sharing, valued with operational cost? A number of people aren’t willing to spend to protect the information they are trying to protect.”

7. The Old Gods, Or The New Gods

In Game of Thrones, there are many different religions and gods the inhabitants of Westeros and the seven kingdoms pray to, and everyone seems certain that their deities are the greatest, but who can we turn to for protection in the real world?

From mom and pop small businesses to corporate giants, with each new advance in information technology, new threats arise. From mobile applications to quantum computing, security must develop and adapt in order to cope with the changing times, but how can cloud based security storage handle the massive amounts of data captured without corruption or interference?

“Technology is always evolving. And very fast. This causes a lot of consumer products, whether hardware or software, to be released without having gone through proper security testing as the latter takes time, is costly and could cause delays in product releases which would in turn have a company fall behind competitors,” said Khalil Sehnaoui, founder of Krypton Security, an information security consulting firm. “The future of data protection is safe storage and strong encryption. Safe storage is a wide subject but basically I usually do not like anything cloud based, as we say in InfoSec: Cloud storage is just your data stored in someone else's computer.”

Obviously small to midsize businesses, as well as a majority of single users, have no choice when it comes to using data storage companies as it is cost effective. In that case, those organizations may want to pay extra attention to security practices, redundancy and multi-layer security and encryption procedures.

“Hybrid Data Storage is for now one of the best solutions as it is cost effective, offers high capacity and good manageability. Hybrid Hard Drives mix old Hard Disk Drive (HDD) storage capacity with speedier Solid State Drives (SSD) on a single drive. This allows the most used data to be cached and accessed quickly. Only a small SSD volume is needed to get high performance gains. Booting times are also improved,” said Khalil.

So what is the best solution for companies trying to ensure their data is secure? The best solution it seems is a combination of the old and the new.

From small businesses to big data giants, hybrid data storage, repositories and a better understanding of cloud based security systems will become the new normal.

By Vincenzo Marsden
