Editor’s word: Comprises main spoilers for the TV present Squid Sport.
Squid Sport, the edgy, dystopian Netflix present, has captivated audiences across the globe, leading to a fever-pitch TV second paying homage to Sport of Thrones. On the floor, the present is rife with societal commentary and anti-capitalist messages about matters resembling wealth inequality. Nonetheless, viewing the present by the lens of a cybersecurity fanatic additionally yields a number of classes for the safety group.
On this put up, we’ll mirror on conditions within the oddly twisted world of Squid Sport and translate them into six classes for cybersecurity professionals.
Put together for Unknown Threats
Very like the gamers of the Squid Sport — who should discover a solution to win at a collection of kids’s video games with out understanding what recreation they are going to be subjected to till they begin taking part in — safety professionals should discover methods to defend their organizations in opposition to unexpected threats.
This has all the time been true in safety. Attackers have a bonus over safety groups as a result of, very similar to the Squid Sport host, they get to select the assault kind and vector (recreation), whereas the safety groups should discover methods to defend in opposition to numerous recognized or unknown threats, and any of them may end up in a breach (or dying for the gamers).
Construct a Various Staff
After the primary recreation, the Squid Sport gamers rapidly determined that forming an alliance would assist them survive. Not solely did it assist them dwell by the violence of the “midnight combat” the place roughly 15 gamers had been ruthlessly murdered by their friends, nevertheless it helped the primary characters defeat a a lot stronger workforce in tug-of-war utilizing a technique Participant 001 remembered from his childhood.
The lesson for cybersecurity execs? Constructing a various workforce and expert workforce will increase the possibilities that somebody on the workforce is aware of the best technique, expertise, or information to win (cease or reply to a cyber menace).
Use the Proper Instruments
Two gamers had been in a position to smuggle in instruments after the video games had been reconvened — Sae-byeok (Participant 067) and Mi-nyeo (Participant 212), who introduced a knife and lighter, respectively. The knife allowed Sae-byeok to achieve foreknowledge of the primary recreation by accessing the air ducts and spying on the employees and was used within the midnight combat. The lighter helped two gamers full recreation 2 by heating their needles to soften the honeycomb at a fast tempo with little danger of breaking the wafer itself.
Equally, safety groups want the best instruments to efficiently sort out the threats they face. Safety practitioners must continuously replace their tooling so as to have the ability to discover and repair new assault ways and to shut the gaps of their safety program. This implies periodically reflecting in your group’s capabilities, safety posture, and making an attempt to objectively establish the gaps that may be crammed given the accessible budgets, time, and employees.
Course of Issues
Along with having the best individuals and instruments, gamers within the Squid Sport additionally benefited massively from taking the right strategy to taking part in a recreation. This was fairly actually the distinction between life and dying on many events. When Gi-hun found he may lick the honeycomb to dissolve the sugar, it gave him a large benefit over chipping away at his wafer with the needle.
Equally, when the glass producer found out he may see the distinction between the conventional and tempered glass based mostly on the way it refracted mild, it allowed him to advance a number of squares additional alongside the glass bridge with a lot much less danger than he would have in any other case incurred.
It is also true that safety practitioners profit from utilizing the best strategy to fixing particular issues. For instance, insider threats are greatest tackled utilizing conduct evaluation. It is also essential for safety groups to doc their course of such that they will repeat them throughout totally different employees members and get the identical outcome. As soon as one workforce member has perfected a method for one thing, like investigating malware in your atmosphere together with your tooling, they will share that information with the remainder of your workforce. The ultimate advantage of discovering and documenting your approaches is that they will then be automated with orchestration instruments.
Protection in Depth Works
Parallels might be made between assembling an efficient safety posture and internet hosting a profitable Squid Sport. In each circumstances, you are trying to remove threats (to your group, or to your prize cash) in a successive set of filters. In Squid Sport, this was achieved by subjecting the individuals to kids’s video games and eliminating the losers. Every recreation eradicated a proportion of gamers till just one remained. The chart under reveals the effectiveness of this strategy.
Safety groups ought to take this similar strategy, however as an alternative of killing gamers, they will cease assaults utilizing complementary instruments. For instance, implementing community safety instruments (e.g., firewalls) alongside utility safety controls (e.g., a Internet app firewall), endpoint safety (e.g., endpoint detection and response), e-mail safety, and id and authentication resolution (e.g., multifactor authentication). Every successive layer of management makes it that a lot tougher for attackers to succeed. This strategy is not about constructing an “attacker-proof” safety posture, it is about slowing down hackers and making your group much less enticing as a goal. The extra layers of the onion attackers must peel to acquire their goal, the much less possible they’re to wish to proceed. Moreover, these layers decelerate attackers such that safety groups have extra time to react.
Insiders Can Additionally Be Threats
Squid Sport has each malicious and compromised insiders. The police officer, Hwang Jun-ho, snuck into the sport to search out his brother by killing and stealing the id of employee 29. That is analogous to a compromised insider: Jun-ho was inside the sport’s safety perimeter, used a recognized id and credentials, and was misaligned with the host’s intentions.
The organ harvesting ring is analogous to malicious insiders; they’re staff of the host group however are knowingly abusing their entry privileges to their very own ends. In each circumstances, these threats had been found the identical means it’s best to uncover them in your IT atmosphere, by discovering irregular conduct that differs from the baseline conduct of the people concerned or their friends.