Vulnerabilities / Threats
10:00 AM
Orion Cassetto
Orion Cassetto
Connect Directly
E-Mail vvv

Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity

Whether you're Lord Commander of the Night's Watch or the CISO of a mainstream business, it's not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.

**Warning - potential spoiler alert**

The popular Game of Thrones series starts with the ominous warning that “Winter is Coming” and in the mythical Westeros, children are raised hearing stories of "the Long Night," a winter that happened thousands of years ago and supposedly lasted a generation. It was during this Long Night, that man first encountered the White Walkers, an ancient race of ice creatures looking to devour all things good and cover the lands in ice and snow.

In the far less fantastic world in which you and I live today, there is also a growing threat. Like the White Walkers, this threat is the subject of countless stories which haunt the nightmares of modern CISOs: security breaches. Before you scoff, let me point out that mega hacks like Target and Home Depot were so serious that every day non-security people changed their buying habits. The repeated occurrence of huge, public data breaches, the increasingly stringent compliance regulations, and the brand reputational damages associated with breaches are just a few of the things that have elevated cybersecurity from an afterthought to a board-level discussion.

Even scarier, like the White Walkers, security breaches and the hackers causing them show no sign of going away.

Of the many qualities that make the White Walkers such formidable opponents, one stands out as the most impactful: their ability to reanimate corpses of the dead as soldiers in their army. The ramification of this necromancy is a positive feedback loop which has enabled the White Walkers to amass a staggering number of undead troops.  As their numbers swell, their ability to combat the living increases, thus producing more dead that join the ranks.

Likewise security breaches are also growing.  According to data from the last several Verizon Data Breach Investigation Reports, the annual number of security breaches has grown from 759 in 2011 to 1,935 in 2017. This works out to be an average annual growth rate of roughly 22%. There are scores of factors influencing this steady rise in data breaches, among them: a growing sprawl of software available to consumers (which may potentially contain security coding flaws), the fact that more and more devices are connected to the Internet (and thus potential targets), and that human users are still the weakest link in the security equation because they often ignore 'light lifting' security measures like updating passwords.

Game of Thrones seasons one through seven conveniently line up perfectly with this period of time, so we can actually attempt to map data between the series and the DBIR report. While Verizon has a soundly scientific methodology for determining what counts as a data breach and how many occur each year, the actions of White Walkers and their undead servants are not so cut-and-dry.  With that said, we do get hints about the White Walkers with each season that we can use to draw some totally subjective conclusions. And if we overlay our totally scientific data, with our wildly subjective GoT data, we get the following chart. 

Image Source: Exabeam
Image Source: Exabeam

You might disagree with my analysis of the WW army growth trends, but what I’m sure that we both can agree on is that the army is growing rapidly and poses an ever-present threat to the North. That brings me to my next point, what to do about these security threats?

Prepare for the Worst

While it might be the case that The Wall will hold off the White Walkers forever.  Alternatively, it  may only buy the poor folk of Westeros some time before they join the ranks of the undead.  In other words, the longstanding defense mechanisms put in place by the IT security teams of yore (i.e. firewalls, access controls, WAF, etc.), might stave off cyber attackers or they might simply slow them down.

Whether you’re the Lord Commander of the Night’s Watch or CISO of a tech upstart or mainstream business, it’s your job to prepare your organization to defend itself against hackers and threats. You’ll need to understand your adversary, pool and distribute your resources, and invest in the people, processes, and technology necessary to combat the peril your organization is facing. 

Related Content:


Orion Cassetto, senior product maester at Exabeam, has nearly a decade of experience marketing cybersecurity and web application security products. Prior to Exabeam, Orion worked for other notable security vendors including Imperva, Incapsula, Distil Networks, and Armorize ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
8/15/2017 | 9:44:23 AM
They deserved what they got
I read that the administrator passwords were stolen. Why is any enterprise still using passwords (and not one-time-password tokens)? Even ssh keys might have helped.
User Rank: Apprentice
8/14/2017 | 1:14:56 PM
What GOT teaches...
"Winter is here".
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.