8/11/2017 10:00 AM
Orion Cassetto
Commentary
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity

Whether you're Lord Commander of the Night's Watch or the CISO of a mainstream business, it's not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.

**Warning - potential spoiler alert**

The popular Game of Thrones series starts with the ominous warning that "Winter is Coming," and in the mythical Westeros, children are raised hearing stories of "the Long Night," a winter that happened thousands of years ago and supposedly lasted a generation. It was during this Long Night that man first encountered the White Walkers, an ancient race of ice creatures looking to devour all things good and cover the lands in ice and snow.

In the far less fantastic world in which you and I live today, there is also a growing threat. Like the White Walkers, this threat is the subject of countless stories that haunt the nightmares of modern CISOs: security breaches. Before you scoff, let me point out that mega hacks like Target and Home Depot were so serious that everyday non-security people changed their buying habits. The repeated occurrence of huge, public data breaches, the increasingly stringent compliance regulations, and the brand reputational damage associated with breaches are just a few of the things that have elevated cybersecurity from an afterthought to a board-level discussion.

Even scarier, like the White Walkers, security breaches and the hackers causing them show no sign of going away.

Of the many qualities that make the White Walkers such formidable opponents, one stands out as the most impactful: their ability to reanimate the corpses of the dead as soldiers in their army. The result of this necromancy is a positive feedback loop that has enabled the White Walkers to amass a staggering number of undead troops. As their numbers swell, their ability to combat the living increases, producing more dead who then join the ranks.

Likewise, security breaches are growing. According to data from the last several Verizon Data Breach Investigations Reports, the annual number of security breaches has grown from 759 in 2011 to 1,935 in 2017. This works out to an average annual growth rate of roughly 22%. There are scores of factors influencing this steady rise in data breaches, among them: a growing sprawl of software available to consumers (which may contain security coding flaws), the fact that more and more devices are connected to the Internet (and are thus potential targets), and the fact that human users are still the weakest link in the security equation because they often ignore "light lifting" security measures like updating passwords.

Game of Thrones seasons one through seven conveniently line up with this period of time, so we can actually attempt to map data between the series and the DBIR. While Verizon has a soundly scientific methodology for determining what counts as a data breach and how many occur each year, the actions of the White Walkers and their undead servants are not so cut-and-dried. With that said, we do get hints about the White Walkers with each season that we can use to draw some totally subjective conclusions. And if we overlay our totally scientific data with our wildly subjective GoT data, we get the following chart.

[Chart: annual breach counts from the Verizon DBIR overlaid with estimated White Walker army growth, seasons one through seven. Image Source: Exabeam]

You might disagree with my analysis of the WW army growth trends, but what I'm sure we can both agree on is that the army is growing rapidly and poses an ever-present threat to the North. That brings me to my next point: what to do about these security threats?

Prepare for the Worst

It might be the case that the Wall will hold off the White Walkers forever. Alternatively, it may only buy the poor folk of Westeros some time before they join the ranks of the undead. In other words, the longstanding defense mechanisms put in place by the IT security teams of yore (i.e., firewalls, access controls, WAF, etc.) might stave off cyber attackers, or they might simply slow them down.

Whether you're the Lord Commander of the Night's Watch or the CISO of a tech upstart or mainstream business, it's your job to prepare your organization to defend itself against hackers and threats. You'll need to understand your adversary, pool and distribute your resources, and invest in the people, processes, and technology necessary to combat the peril your organization is facing.

Orion Cassetto, senior product maester at Exabeam, has nearly a decade of experience marketing cybersecurity and web application security products. Prior to Exabeam, Orion worked for other notable security vendors including Imperva, Incapsula, Distil Networks, and Armorize ...
Comments

Exabeam_Orion (User Rank: Apprentice), 8/28/2017 4:04:45 PM
Re: What GOT teaches...
@Jimmy - I agree. That's a pretty solid framework.

@Joe - I also agree that we need more emphasis on response and remediation. Returning to our analogy from the article...

**Spoiler alert - if you haven't watched the Season 7 finale, read no further** 

Now that part of the Wall has come down, the North is in dire need of response and recovery.

Security teams would do well to start investing in automation for the back half of the framework you laid out. Items 5 through 8 have lots of manual steps. Automation, data science, and ML may be able to help amplify analyst post-incident productivity.

Joe Stanganelli (User Rank: Ninja), 8/23/2017 8:49:26 PM
Re: What GOT teaches...
@jimmy: I think that too many frameworks place not enough attention on the post-incident -- response and recovery. The NIST Cybersecurity Framework particularly comes to mind, where there are far fewer aspects and standards tied to the "Respond" and "Recover" branches compared to the other three branches (Identify, Protect, and Detect). While security should be proactive over reactionary, there are always more things to do and things to learn from incidents in the post-mortem.

Joe Stanganelli (User Rank: Ninja), 8/23/2017 8:43:02 PM
Paying attention, being prepared
Winter is coming and related GoT lessons ultimately come down to paying attention to what's happening and what's been happening -- and being prepared accordingly.

SPOILER ALERT

I wrote a similar piece recently on CIO lessons from Game of Thrones ( here: insights.hpe.com/articles/the-game-of-thrones-cio-5-lessons-of-it-and-fire-1708.html ). One of my takeaways discussed the unfortunate decision by Daenerys and Tyrion to send poorly secured Greyjoy ships with key allies to Dorne when they knew Euron was out looking for Yara and Theon Greyjoy -- resulting in, effectively, "transmission loss."

Make sure you understand your network pathways and you properly secure your transmissions and your network architecture so you too don't lose key packets. ;)

jmmyTor (User Rank: Strategist), 8/17/2017 11:15:45 AM
Re: What GOT teaches...
As the people of the world prepared for White Walkers, so also must the CISO prepare for cyber attacks. It will come. With the ransom demands from HBO, more will come. What HBO needs to do is protect itself from more invasion or penetration into its business. They need to upgrade themselves by teaching their employees cyber security education to protect them from further nightmares. We live in a digital world now, where anything can be accessed from anywhere in the world. It takes only a keyboard to do irreparable damage to businesses and people's lives. They need to create a framework to protect from external aggressions. Such a framework could be:

1. Developing a contingency plan.
2. Risk assessment.
3. Preparation.
4. Detection.
5. Containment.
6. Eradication.
7. Recovery.
8. Post incident.

jarome (User Rank: Apprentice), 8/15/2017 9:44:23 AM
They deserved what they got
I read that the administrator passwords were stolen. Why is any enterprise still using passwords (and not one-time-password tokens)? Even ssh keys might have helped.

zzx375 (User Rank: Apprentice), 8/14/2017 1:14:56 PM
What GOT teaches...
"Winter is here".