3 Lessons the Game of Thrones’ Battle of Winterfell Can Teach Us About Cyber Security

Spoiler Alert: This blog contains details about the Game of Thrones’ Season 8 Episode 3.

Game of Thrones delivered on the hyped-up angst and expectations that fans have been waiting for with an absolutely epic siege battle at Winterfell. From the start of the battle with the lighting of the Dothraki swords, we experienced some gut-wrenching highs and lows, only to witness their cavalry being swallowed by the Night King’s army of icy undead soldiers moments later.

From there, it’s full carnage. Hordes upon hordes of undead wights continue to defeat the layered countermeasures of the “good guys.” And, despite a resilient defense and valiant efforts, Winterfell is predictably overrun by the sheer volume of the unrelenting attackers. But, just when everything seems lost, Arya Stark fulfills Melisandre’s foreshadowing of forever shutting many blue eyes by killing the Night King with a deft sleight of hand – along with the entire army that is linked to him.

Aside from being a mind-blowing episode and battle sequence, we can learn some interesting lessons from a cyber security perspective. And, no, it’s not that castle and moat defense architectures aren't relevant anymore.

Here are 3 key takeaways:

  1. The good guys have a math problem.

    There were simply too many threats to address on a 1-1 basis, and those threats kept growing. Our GOT protagonists not only had to fight the existing army of the dead but also had to contend with new wight recruits as they sustained casualties. We get that there is nothing nearly as gruesome in reality that security practitioners face on the job, but there is a striking similarity in terms of the numbers.

    Since Game of Thrones first aired in 2011, the number of known new malware programs alone has increased by over 1200%, with 350,000 new programs registered daily. The number of reported breaches resulting in data loss is up by almost 200% in that same timeframe, according to the latest Verizon Data Breach Investigations Report. And sadly, reinforcements aren’t anywhere in sight in terms of human capital. There’s a well-understood shortage of skilled cybersecurity talent that organizations face while trying to equip their SOC and IT operations alike.

    Organizations face an inconvenient truth that they can’t, and won’t, ever scale manually to the threats they face. The math won’t allow it. But just like in GOT, that doesn’t mean there’s not a path to victory (more on that below).

  2. There are no silver bullets.

    In the Battle for Winterfell, the alliance mounted a well-organized defense-in-depth posture against the White Walkers’ advances. Each countermeasure layer presented an obstacle with varying effectiveness and helped slow the progression of the attack. As in reality, with enough time, probing, and shifts in tactics (TTPs), the effectiveness of each countermeasure diminished.

    From the Dothraki cavalry, to the Unsullied, to the fire ditch, to castle walls and dragon air support, there were no silver bullets – but each layer played its part. Relying on any one countermeasure, or investing exclusively in protection, detection, or response, ultimately results in a brittle defense with poor outcomes.

  3. Success depends on addressing interconnected strategic risk.

    You simply cannot manually scale to an insurmountable and growing number of threats. The only path for victory at Winterfell was to kill the root cause itself - the Night King. Eliminating him mitigated all the downstream risk of the undead army linked to him.

    In the world of IT security, we have our own Night Kings - they’re called vulnerabilities. By patching a vulnerability, you are eliminating all of the potential threats designed to leverage it. True, patching is not as exciting as Arya’s knife-flip, but it’s literally just as effective.

Next Patch Tuesday, change your mindset. Instead of seeing “just a new set of patches,” consider them a new set of “kingslayers.” Do yourself a favor and patch now, before entire classes of attacks are associated with discovered vulnerabilities.
