When the first four episodes of the new series of blockbuster TV show Game of Thrones were leaked ahead of its global debut, it was a timely reminder of just how difficult it is to secure sensitive data and intellectual property as it passes through organisations and their supply chains.
It also made me think about how the struggles between the warring family houses of Lannister, Stark, Baratheon and Targaryen in the epic drama are won – and lost – as a result of some very basic security issues. Despite the fact that communications in Westeros are done by messengers and ravens rather than email, mobile and IM, there are still serious security lessons that can be learned.
Let’s take a look at some of the key security issues highlighted in the series, and what companies can learn from them.
Just because it looks secure it doesn’t mean it is
Kings Landing looks imposing. The capital of Westeros is surrounded by tall walls, manned by a city watch, and is protected to the North by Blackwater Bay which is patrolled by the royal fleet. However, as Tyrion Lannister discovered just in time, the Mud Gate is a key weakness in the City’s defences, and one that came close to being exploited by Stannis Baratheon’s army.
However well protected an organisation may look against internet borne threats it doesn’t necessarily mean it is secure. Organisations must distinguish between ‘what looks to be secure’ and ‘actually is secure’ by regularly testing their networks and deploying solutions that are known to offer the highest levels of protection.
The danger of misinformation
In the Battle of Whispering Wood Jamie Lannister is falsely led to believe that Robb Stark’s forces are severely depleted and that victory is near. Robb Stark sends a small force to lead Jamie to him. Jamie is lured North and right into the trap Robb set for him. When Jamie comes out, the raiders fall back to a point where the rest of the Stark force are waiting, and he is taken captive.
Businesses equally need to be aware of the dangers of misinformation. Subterfuge is used by hackers in phishing attacks that target businesses with emails containing links and attachments that look official, but actually contain aggressive malware or lure people to unwittingly hand over sensitive data and information. Just because something looks legitimate doesn’t mean it is.
Beware of the unknown
In Series 2 Renly and Stannis Baratheon are on the verge of a battle for the crown. Unbeknown to Renly, Stannis is being assisted by Melisandre – The Red Lady, a priestess with dark magical powers. The Red Lady gives birth to a demon that is able to infiltrate Renly’s defences before taking the form of Stannis and stabbing him in the heart.
In the online world attackers are always seeking new ways to target organisations with new, shape shifting, unknown variants of malware. Businesses need to ensure they deploy robust next-generation security solutions that can limit the damage unknown threats can cause. Ignorance of a threat ultimately won’t stop it attacking you.
Beware of the trusted insider
Toward the end of season one Ned Stark places his faith in his trusted advisor Lord Baelish, who assists him in investigating the death of the last Hand of the King, then offers to buy the support of the City Watch for Ned’s coup against the newly crowned King Joffrey. That trust is ultimately misplaced as Lord Baelish betrays him, slaughtering his entire fighting force, leading to Lord Stark’s execution in the season finale.
Just like Ned Stark, organisation’s security can easily be undone by an insider’s unwitting or malicious actions. Employees are an easy target for attackers and they can undo an entire security system with a single ill-advised mouse click. Organisations must not only protect against threats entering the network but also educate staff about their role in protecting the network.
It’s not a case of if – it’s when
‘Winter is Coming’. The motto of house Stark, one of warning and constant vigilance. The Starks, being the lords of the North, strive to always be prepared for the coming of winter, which hits their lands the hardest.
Similarly, it isn’t a case of ‘if’ an organisation will be targeted by hackers but ‘when’ – and organisations should be prepared for an attack and remain constantly vigilant in securing their network against internet borne threats.
While businesses are unlikely to pay for their security mistakes with their lives, unlike their Game of Thrones counterparts, the consequences of not learning the lessons from the TV blockbuster are still severe.
Organisations increasingly rely on their networks to conduct business, their valuable assets are stored digitally and security breaches can be crippling. And just like the kingdom of Westeros, businesses can’t solely rely on a solid wall and the Night’s Watch to keep them secure from the threats that lie beyond.