Dark Reading is part of the Informa Tech Division of Informa PLC

Orion Cassetto

Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity

Whether you're Lord Commander of the Night's Watch or the CISO of a mainstream business, it's not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.

**Warning - potential spoiler alert**

The popular Game of Thrones series starts with the ominous warning that “Winter is Coming.” In the mythical Westeros, children are raised hearing stories of "the Long Night," a winter that happened thousands of years ago and supposedly lasted a generation. It was during this Long Night that man first encountered the White Walkers, an ancient race of ice creatures looking to devour all things good and cover the lands in ice and snow.

In the far less fantastic world in which you and I live today, there is also a growing threat. Like the White Walkers, this threat is the subject of countless stories that haunt the nightmares of modern CISOs: security breaches. Before you scoff, let me point out that mega hacks like those at Target and Home Depot were so serious that everyday non-security people changed their buying habits. The repeated occurrence of huge, public data breaches, increasingly stringent compliance regulations, and the reputational damage to brands associated with breaches are just a few of the things that have elevated cybersecurity from an afterthought to a board-level discussion.

Even scarier, like the White Walkers, security breaches and the hackers causing them show no sign of going away.

Of the many qualities that make the White Walkers such formidable opponents, one stands out as the most impactful: their ability to reanimate corpses of the dead as soldiers in their army. The ramification of this necromancy is a positive feedback loop which has enabled the White Walkers to amass a staggering number of undead troops.  As their numbers swell, their ability to combat the living increases, thus producing more dead that join the ranks.

Likewise, security breaches are also growing. According to data from the last several Verizon Data Breach Investigations Reports, the annual number of security breaches has grown from 759 in 2011 to 1,935 in 2017. This works out to be an average annual growth rate of roughly 22%. There are scores of factors influencing this steady rise in data breaches, among them: a growing sprawl of software available to consumers (which may potentially contain security coding flaws), the fact that more and more devices are connected to the Internet (and thus potential targets), and that human users are still the weakest link in the security equation because they often ignore 'light lifting' security measures like updating passwords.

Game of Thrones seasons one through seven conveniently line up perfectly with this period of time, so we can actually attempt to map data between the series and the DBIR. While Verizon has a soundly scientific methodology for determining what counts as a data breach and how many occur each year, the actions of White Walkers and their undead servants are not so cut-and-dried. With that said, we do get hints about the White Walkers with each season that we can use to draw some totally subjective conclusions. And if we overlay our totally scientific data with our wildly subjective GoT data, we get the following chart.

Image Source: Exabeam

You might disagree with my analysis of the WW army growth trends, but what I’m sure we can both agree on is that the army is growing rapidly and poses an ever-present threat to the North. That brings me to my next point: what to do about these security threats?

Prepare for the Worst

It might be the case that The Wall will hold off the White Walkers forever. Alternatively, it may only buy the poor folk of Westeros some time before they join the ranks of the undead. In other words, the longstanding defense mechanisms put in place by the IT security teams of yore (e.g., firewalls, access controls, WAF) might stave off cyber attackers, or they might simply slow them down.

Whether you’re the Lord Commander of the Night’s Watch or CISO of a tech upstart or mainstream business, it’s your job to prepare your organization to defend itself against hackers and threats. You’ll need to understand your adversary, pool and distribute your resources, and invest in the people, processes, and technology necessary to combat the peril your organization is facing. 

Orion Cassetto, senior product maester at Exabeam, has nearly a decade of experience marketing cybersecurity and web application security products. Prior to Exabeam, Orion worked for other notable security vendors including Imperva, Incapsula, Distil Networks, and Armorize ...

User Rank: Apprentice
8/28/2017 | 4:04:45 PM
Re: What GOT teaches...
@Jimmy - I agree. That's a pretty solid framework.

@ Joe - I also agree that we need more emphasis on response and remediation.  Returning to our analogy from the article...

**Spoiler alert - if you haven't watched the Season 7 finale, read no further** 

Now that part of the Wall has come down, the North is in dire need of response and recovery.

Security teams would do well to start investing in automation for the back half of the framework you laid out. Items 5 through 8 have lots of manual steps. Automation, data science, and ML may be able to help amplify analyst post-incident productivity.
Joe Stanganelli
User Rank: Ninja
8/23/2017 | 8:49:26 PM
Re: What GOT teaches...
@jimmy: I think that too many frameworks place not enough attention on the post-incident -- response and recovery. The NIST Cybersecurity Framework particularly comes to mind, where there are far fewer aspects and standards tied to the "Respond" and "Recover" branches compared to the other three branches (Identity, Protect, and Detect). While security should be proactive over reactionary, there are always more things to do and things to learn from incidents in the post-mortem.
Joe Stanganelli
User Rank: Ninja
8/23/2017 | 8:43:02 PM
Paying attention, being prepared
Winter is coming and related GoT lessons ultimately come down to paying attention to what's happening and what's been happening -- and being prepared accordingly.


I wrote a similar piece recently on CIO lessons from Game of Thrones ( here: insights.hpe.com/articles/the-game-of-thrones-cio-5-lessons-of-it-and-fire-1708.html ). One of my takeaways discussed the unfortunate decision by Daenerys and Tyrion to send poorly secured Greyjoy ships with key allies to Dorne when they knew Euron was out looking for Yara and Theon Greyjoy -- resulting in, effectively, "transmission loss."

Make sure you understand your network pathways and you properly secure your transmissions and your network architecture so you too don't lose key packets. ;)
User Rank: Strategist
8/17/2017 | 11:15:45 AM
Re: What GOT teaches...
As the people of the world prepared for white walkers, so also must the CISO prepare for cyber attacks. It will come. With the ransom demands from HBO, more will come. What HBO needs to do is to protect itself from more invasion or penetration into its business. They need to upgrade themselves by teaching their employees Cyber Security Education as to protect them from further nightmares. We live in a digital world now, where anything can be accessed from anywhere in the world. It takes only a keyboard to do irreparable damage to businesses and people's lives. They need to create a framework to protect from external aggressions. Such frameworks could be:

1. Developing a contingency plan.

2. Risk assessment

3. Preparation

4. Detection

5. Containment

6. Eradication

7. Recovery.

8. Post incident.


User Rank: Apprentice
8/15/2017 | 9:44:23 AM
They deserved what they got
I read that the administrator passwords were stolen. Why is any enterprise still using passwords (and not one-time-password tokens)? Even ssh keys might have helped.
User Rank: Strategist
8/14/2017 | 1:14:56 PM
What GOT teaches...
"Winter is here".