7 security lessons from Game of Thrones

Game of Thrones
Credit: Thinkstock
Small things can become huge problems

In the age of big data, risk once deemed minimal may pose serious threats to companies concerned with keeping the information they’ve collected private, but that begins and ends within the companies and the parameters and protocols they have in place to keep data secure.

Nobody took the dragons or dire wolves seriously in the beginning of Game of Thrones, but by season 3 they  were capable of wreaking havoc and wiping out armies.

Small issues can grow into serious complications If left unchecked.

Everything from employee access to information, to the changing of passwords on a regular basis is uniquely important. Businesses are using mobile systems more often everyday, but mobile security isn’t quite up to par with larger network security endpoints.

Game of Thrones
Faceless men are everywhere

Anonymous has become synonymous with a global network of hackers, connected through common causes, and faceless men attempting to breach network security is nothing new. Legislators are almost always one step behind, while cybercriminals and hackers are always looking toward tomorrow and how to breach the security of tomorrow.

The implementation of new technology, hybrid cloud storage systems, data-splitting, cryptography and centralized storage databases are becoming the norm.

Game of Thrones
Credit: Thinkstock
Walls of fire don’t always help

Modern firewalls are complex and take months to become familiar with, but even the most complex firewall is only software and by its very nature has defects. Unidirectional gateways block attacks from untrusted networks no matter what their IP address is, but without them, it’s easy to bypass firewalls with forged IP addresses, especially if someone has access to the same LAN segment as the network they're trying to breach.

Sometimes all hackers need to breach a firewall are the magic words.

Password theft is the easiest way to break into a network, and the methods attackers have devised to steal passwords have become far more devious.

Spear phishers use extremely convincing emails targeted at people with access to passwords and protocols. Encryption and two-way factor authentication are practically useless against attacks from within a network, but unidirectional gateways block outside communication and attacks into plant networks.

Game of Thrones
Keeping your friends far and your enemies farther

Access to data by individuals within a network, or by trusted employees isn’t always safe. From Mark Abene and Julian Assange, to Chelsea Manning and Edward Snowden, people with access to networks can gather massive amounts of data with limited resources and small windows of time.

In September of 2015, Morgan Stanley realized that 730,000 account numbers were stolen by an employee, whom had been gathering account numbers over a period of three years and had them transferred to a private server at his home. It would be wise for companies with sensitive information to implement a “trust but verify” model, storing data in digital safes and data secure repositories, as well as developing and enforcing “need to know” policies among employees.

Game of Thrones
Credit: Thinkstock
The dead can come back to haunt you

Many small businesses, midsize companies and even large corporations assume that once the hard drives on their computer systems are wiped, they can sell the computers or throw them away without worry, but as we’ve learned from Game Of Thrones, dead doesn’t always mean dead. Some ATA, IDE and SATA hard drive manufacture designs include support for the ATA secure erase standard and have been since the dawn of the 21st century. But research in 2011 found that four out of eight manufacturers did not implement ATA Secure Erase correctly.

Larger companies however, would do best to ensure that data they want gone stays gone. The Gutmann method, a 35-pass overwrite technique, may be considered overkill by some, but it’s been tried and true for years.

Game of Thrones
The iron price

The biggest issue among leading information security experts is a lack of understanding of cloud-based security. The vast majority of web-based companies put more of their financial resources into security software than they put into hardware and the people working for them. A trend among elite web-based companies in big data is hybrid storage; private cloud storage, hyperscale compute storage and centralized storage, all of which combine yesterday’s technology with the technology of tomorrow. The value of data continues to rise, while the value of human beings with access and control of data has remained stagnant.

Game of Thrones
Credit: Thinkstock
The Old Gods, Or The New Gods

From mom and pop small businesses to corporate giants, with each new advance in information technology, new threats arise. From mobile applications to quantum computing, security must develop and adapt in order to cope with the changing times, but how can cloud based security storage handle the massive amounts of data captured without corruption or interference?

“The future of data protection is safe storage and strong encryption. Safe storage is a wide subject but basically I usually do not like anything cloud based, as we say in InfoSec: Cloud storage is just your data stored in someone else's computer,” said Khalil Sehnaoui, founder of Krypton Security, an information security consulting firm.

Obviously small to midsize businesses, as well as a majority of single users, have no choice when it comes to using data storage companies as it is cost effective. In that case, those organizations may want to pay extra attention to security practices, redundancy and multi-layer security and encryption procedures.