SPOILER WARNING: This blog post contains spoilers from the entire TV series of Game of Thrones thus far. Read at your own risk.
A Song of Ice and Firewalls
As season seven of Game of Thrones wraps up, the final showdown between the living and the dead draws ever closer. Watching Jon Snow and his allies prepare their forces for the impending war, I can’t help but see similarities between the defenses of the Night’s Watch and those of cyber security teams in the real world.
The Night’s Watch is a sworn brotherhood of unsung heroes sworn to keep the Seven Kingdoms safe from the unknowns of Westeros’ northern border. More specifically, it’s their duty to defend The Wall from invading forces of White Walkers, wights and wildlings from beyond. This is similar to the responsibilities of today’s cyber security teams of keeping corporate data safe from malicious cyber attackers.
Here are three things we can learn about cyber security from The Night’s Watch.
Beware of Zombie Accounts
In season one, the bodies of two missing Night’s Watchmen are retrieved from the haunted forest just beyond The Wall, and are brought back to Castle Black. Once night falls, one of the bodies reanimates as a wight, and attacks Jon Snow. It’s not until Jon sets the wight on fire that it’s finally put to rest for good.
The lesson here is that just because an employee has left your employ, doesn’t mean their digital account isn’t a threat to security. Research finds that over half of ex-employees still have zombie accounts that can be used to access corporate apps and data. Hence, cyber security teams need to metaphorically “burn the bodies” of former employee accounts to mitigate this risk.
One simple way of achieving this is through an Identity as a Service (IDaaS) solution, wherein your security team can efficiently deprovision employees completely through both automated and manual processes.
Take potential threats seriously
If the Lord Commander of the Night’s Watch is the CSO of Westeros, then the King of the Seven Kingdoms is the CEO.
A consistent frustration in GoT is how the great families of Westeros childishly squabble amongst themselves while the real threat of the White Walkers continues to rapidly grow beyond The Wall. Despite the Night’s Watch’s requests from the leaders of the seven kingdoms for more resources to defend The Wall, they are never taken seriously. The southerners believe that White Walkers are just a myth. And even if they did exist, The Wall would be enough to stop them.
Tragically, the hubris of leaders south of The Wall is sure to cost the Seven Kingdoms dearly in the great war to come.
Similarly, in the real world, it’s critical for organizational leadership to make the necessary investments to defend against increasing security threats as soon as possible. Although you may not see a threat or assume its likelihood is low, the threat still exists. To assume that your organization is safe because you have a wall at the edge of your kingdom of ice, fire, or otherwise is a risky state of being.
Currently, only a quarter of board members see cyber security as their top priority, despite the fact that cyber attacks are rapidly becoming a greater threat. Even worse, over half of board members find difficulty understanding security risks vs. other risks (legal, financial, etc.), and find security reports to be too technical. This suggests an inability to fully comprehend — let alone address — cyber security risks. Thus, companies would be well-served to use technical understanding as a hiring criterion for board members.
Everyone has a part to play
Throughout the first few seasons of GoT, viewers are constantly reminded of how ill-equipped the Night’s Watch is. The Wall is supposed to be manned by thousands of seasoned knights distributed amongst The Wall’s 19 castles. Unfortunately for the Seven Kingdoms, only a few hundred untrained boys and criminals are posted at 3 of The Wall’s castles - each with scarce food, resources and weapons.
By the time Jon Snow becomes King in the North, it’s apparent that The Wall won’t be receiving more men from King’s Landing. To account for this, Jon takes an “all-hands-on-deck” approach to fortifying The Wall. He enlists help from the wildlings and several Northern families. He commands that anyone who can hold a sword be trained to fight - including young boys and girls. The Northern Lords reluctantly agree to this because they understand that everyone’s lives hang in the balance and everyone has a part to play.
Key takeaways from King Jon’s leadership: One, he’s not so naive to believe that The Wall is impenetrable. Two, he understands that people are the most important defense against outside threats. And three, Jon knows that training all able bodied subjects to defend themselves is key to security.
Proper policies and training are key to any cyber security strategy. Every organization’s security team only has a finite amount of time and resources, which means everyone at an organization, from marketing to sales to customer support, has to take some responsibility. All employees should be trained in how to utilize password best practices like using passphrases instead of shorter passwords, keeping passwords secure (i.e. not writing them down), and not reusing passwords for multiple accounts.
Employees should also know how to identify and respond to common threats like malware and phishing emails. This last point is critical, since phishing emails are the #1 method of delivering malware, and the vast majority of organizations have been targeted by phishing.
It’s not just the job of Night’s Watch, or your cyber security team, to secure the domain; it’s everyone’s job.
Game of Thrones is almost over, and it’s clear that the Seven Kingdoms will have their hands full very soon. Hopefully, this post has given some insight into what security teams can learn from the lords of Westeros.
Enjoy the season finale, everyone! Valar Morghulis.