3 Lessons the Game of Thrones’ Battle of Winterfell Can Teach Us About Cyber Security

Spoiler Alert: This blog contains details about the Game of Thrones’ Season 8 Episode 3.

Game of Thrones delivered on the hyped-up angst and expectations that fans have been waiting for with an absolutely epic siege battle at Winterfell. From the start of the battle, with the lighting of the Dothraki swords, we experienced some gut-wrenching highs and lows, only to witness their cavalry being swallowed by the Night King’s army of icy undead soldiers moments later.

From there, it’s full carnage. Hordes upon hordes of undead wights continue to defeat the layered countermeasures of the “good guys.” And, despite a resilient defense and valiant efforts, Winterfell is predictably overrun by the sheer volume of the unrelenting attackers. But, just when everything seems lost, Arya Stark fulfills Melisandre’s foreshadowing of forever shutting many blue eyes by killing the Night King with a deft sleight of hand – along with the entire army that is linked to him.

Aside from being a mind-blowing episode and battle sequence, we can learn some interesting lessons from a cyber security perspective. And, no, it’s not that castle and moat defense architectures aren't relevant anymore.

Here are 3 key takeaways:

  1. The good guys have a math problem.

    There were simply too many threats to address on a 1-1 basis, and those threats kept growing. Our GOT protagonists not only had to fight the existing army of the dead but also had to contend with new wight recruits as they sustained casualties. We get that there is nothing nearly as gruesome in reality that security practitioners face on the job, but there is a striking similarity in terms of the numbers.

    Since Game of Thrones first aired in 2011, the number of known new malware programs alone has increased by over 1200%, with 350,000 new programs registered daily. The number of reported breaches resulting in data loss is up by almost 200% in that same timeframe, according to the latest Verizon Data Breach Investigations Report. And sadly, reinforcements aren't anywhere in sight in terms of human capital. There’s a well-understood shortage of skilled cybersecurity talent that organizations face while trying to equip their SOC and IT operations alike.

    Organizations face an inconvenient truth that they can’t, and won’t, ever scale manually to the threats they face. The math won’t allow it. But just like in GOT, that doesn’t mean there’s not a path to victory (more on that below).

  2. There are no silver bullets.

    In the Battle for Winterfell, the alliance mounted a well-organized defense-in-depth posture against the White Walkers’ advances. Each countermeasure layer presented an obstacle with varying effectiveness and helped slow the progression of the attack. As in reality, with enough time, probing, and shifts in tactics (TTPs), the effectiveness of each countermeasure diminished.

    From the Dothraki cavalry, to the Unsullied, to the fire ditch, to castle walls and dragon air support, there were no silver bullets – but each layer played its part. Relying on any one countermeasure, or investing exclusively in protection, detection, or response, ultimately results in a brittle defense with poor outcomes.

  3. Success depends on addressing interconnected strategic risk.

    You simply cannot manually scale to an insurmountable and growing number of threats. The only path for victory at Winterfell was to kill the root cause itself - the Night King. Eliminating him mitigated all the downstream risk of the undead army linked to him.

    In the world of IT security, we have our own Night Kings - they’re called vulnerabilities. By patching a vulnerability, you are eliminating all of the potential threats designed to leverage it. True, patching is not as exciting as Arya’s knife-flip, but it’s literally just as effective.

Next Patch Tuesday, change your mindset. Instead of receiving “just a new set of patches,” consider them a new set of “kingslayers.” Do yourself a favor and patch now before entire classes of attacks are associated with discovered vulnerabilities.

About Automox
Automox is a cloud-based security hygiene platform that reduces organizations’ exploitable surface area by over 80 percent while cutting effort in half. Automox is a lightweight, infrastructure-free, and globally available SaaS offering that provides constant visibility over both on-prem and remote workforce endpoints. Automox is a single console with intuitive automation workflows that are consistent across Windows, Mac, and Linux. Our platform enforces OS & third-party patches, security configurations, software deployment, and custom scripting to dramatically reduce effort, time, and complexity through automation. Automox is cyber hygiene re-invented.

To sign up for a free 15-day trial of Automox’s cloud-based, automated patch management solution, visit www.automox.com/signup.
