Warning: Spoilers Ahead
As Game of Thrones fans sift through emotional ashes left behind after the final fiery episode, conjecture and lamentation over what happened and why has dominated pop culture conversations. Debate among ardent fans will likely continue well into the future, but a couple of things are certain: even though the Iron Throne is now toast, there are many takeaways the cybersecurity industry can draw from based on this eight-year dynastic series.
Here are the top five things data security professionals can take as lessons learned from Game of Thrones:
1. Focusing too much on the present can create a high price to pay in the future.
The here and now is pretty compelling. After all, it’s right in front of us and demands immediate attention. Civil wars, rival armies and domestic uprisings sapped resources on all sides during the show’s 73 episodes, but conspicuously missing was anyone’s long-term plan regarding the future. Significant time and energy was focused on what was just about to happen, inherently creating peril for the needs of future generations. Devoid of long-term planning, history repeated itself with the same problems arising again and again.
Competition and strong demand for digitally transformative technologies thrusts IT and data security professionals into a race to meet the demands of today ‒ a battle that draws attention (and investment) away from the long-term war to protect mission-critical and personally identifiable data. As published in our recent Data Threat Report- Federal Edition, the rush puts sensitive data at risk because modernization efforts create new vulnerabilities with security measures being implemented after the fact. Despite increases in data breaches, sufficient investment in data protection is still too low for federal agencies, setting them up to repeat mistakes of the past.
2. Everyone is vulnerable.
Fire breathing dragons, royal blood, nor money prevented attacks, something repeatedly played out from the very first season when Ned Stark underestimated his vulnerability and paid the ultimate price. Whether emboldened by naiveté, denial or hubris, for years we watched kings and queens fail to recognize the possibility of their own demise. When they didn’t see it coming, threats successfully materialized and the cost was high.
The fact is, no one is immune from attacks. As enterprises struggle with cloud complexity, threats lurking in the background can gather strength and take down an IT infrastructure, expose data and kill a company’s bottom line and reputation. Even though the majority of organizations know they’re vulnerable, this knowledge doesn’t always translate into security best practices: 70% of respondents in our 2019 Data Threat Report-Global Edition are still not using encryption as part of their digital transformation strategy.
3. Insider threats are real.
The unforgettable fate of King Joffrey on his wedding day, followed by lengthy speculation over who in his inner circle poisoned him, is a reminder that not all threats are external and sources are difficult to pinpoint. Examples of insider betrayal are so numerous throughout the entire series, it’s fundamental to the overall plot. In Joffrey’s case, the culprit definitely had nefarious intentions. In the real world, sometimes insider threats are obvious and intentional, but sometimes they’re not. Either way, they’re harmful.
We’ve known for many years that traditional malware prevention methods will continue to become less and less effective, a scene playing out in the media every day: an innocent employee clicks on a link or downloads an attachment in an email triggering a cavalcade of data breaches within an enterprise, costing an organization thousands (and sometimes millions) in losses in addition to fines. IT and data security professionals must be able to simply and efficiently protect and manage encryption keys used to secure sensitive data across the enterprise.
4. Having the right ally is key.
Strategic alliances ‒ some of them unexpected and all of them shifting ‒ were especially necessary at every turn during the entire series. Sometimes alliances were purely a matter of strength in numbers and brute force. Other times, a single person provided more benefit than an entire army. But few would disagree that although the size of Daenerys’ or Cersei’s armies fluctuated, one of them had a huge advantage: dragons. Allying with Daenerys pretty much guaranteed victory.
Protectors of data need the right ally. They need the equivalent of a dragon that can torch any attempt to compromise data security on both sides of the wall. As a worldwide leader in data protection for more than three decades, we know that every single piece of information used to run a business is increasingly at risk, especially as innovative technologies open new avenues for attacks and breaches.
5. Take potential threats very seriously.
She almost had it all: dragons, the Seven Kingdoms, love, the Iron Throne… Daenerys knew Jon posed an enormous threat, yet left herself vulnerable for a single moment and lost everything. Feeling emboldened by defeating Cersei, she let down her guard and didn’t have protection at the precise moment she needed it. Perhaps some end-to-end protection might have changed the course of her fate?
In real life and in the Game of Thrones, threats are ubiquitous and constant vigilance is the only way to win. If data isn’t protected by default wherever it goes over its entire lifecycle, all it takes is a single, unprotected moment to breach. IT and data security pros need an encryption “bodyguard” that constantly accompanies data objects.
Data security professionals should apply these lessons from Game of Thrones to thwart technology attacks in their own ‘game of threats’. To learn more about how internal and external threats are impacting the ability businesses around the globe to safeguard sensitive data, download a copy of our 2019 Data Threat Report-Global Edition.
*** This is a Security Bloggers Network syndicated blog from Data Security Blog | Thales eSecurity authored by Kanav Gandhi. Read the original post at: https://blog.thalesesecurity.com/2019/06/06/game-of-threats-what-the-cybersecurity-industry-can-take-away-from-game-of-thrones/