Editor’s observe: Accommodates main spoilers for the TV present Squid Sport.
Squid Sport, the edgy, dystopian Netflix present, has captivated audiences across the globe, leading to a fever-pitch TV second harking back to Sport of Thrones. On the floor, the present is rife with societal commentary and anti-capitalist messages about matters resembling wealth inequality. Nevertheless, viewing the present via the lens of a cybersecurity fanatic additionally yields a number of classes for the safety neighborhood.
On this publish, we’ll mirror on conditions within the oddly twisted world of Squid Sport and translate them into six classes for cybersecurity professionals.
Put together for Unknown Threats
Very like the gamers of the Squid Sport — who should discover a technique to win at a collection of kids’s video games with out figuring out what sport they are going to be subjected to till they begin enjoying — safety professionals should discover methods to defend their organizations in opposition to unexpected threats.
This has all the time been true in safety. Attackers have a bonus over safety groups as a result of, very similar to the Squid Sport host, they get to select the assault kind and vector (sport), whereas the safety groups should discover methods to defend in opposition to numerous recognized or unknown threats, and any of them may end up in a breach (or dying for the gamers).
Construct a Numerous Staff
After the primary sport, the Squid Sport gamers rapidly determined that forming an alliance would assist them survive. Not solely did it assist them reside via the violence of the “midnight struggle” the place roughly 15 gamers had been ruthlessly murdered by their friends, however it helped the principle characters defeat a a lot stronger workforce in tug-of-war utilizing a technique Participant 001 remembered from his childhood.
The lesson for cybersecurity execs? Constructing a various workforce and expert workforce will increase the probabilities that somebody on the workforce is aware of the precise technique, abilities, or data to win (cease or reply to a cyber menace).
Use the Proper Instruments
Two gamers had been in a position to smuggle in instruments after the video games had been reconvened — Sae-byeok (Participant 067) and Mi-nyeo (Participant 212), who introduced a knife and lighter, respectively. The knife allowed Sae-byeok to realize foreknowledge of the primary sport by accessing the air ducts and spying on the employees and was used within the midnight struggle. The lighter helped two gamers full sport 2 by heating their needles to soften the honeycomb at a fast tempo with little danger of breaking the wafer itself.
Equally, safety groups want the precise instruments to efficiently sort out the threats they face. Safety practitioners have to continually replace their tooling so as to have the ability to discover and repair new assault ways and to shut the gaps of their safety program. This implies periodically reflecting in your group’s capabilities, safety posture, and attempting to objectively determine the gaps that may be crammed given the obtainable budgets, time, and employees.
Course of Issues
Along with having the precise folks and instruments, gamers within the Squid Sport additionally benefited massively from taking the proper method to enjoying a sport. This was fairly actually the distinction between life and dying on many events. When Gi-hun found he might lick the honeycomb to dissolve the sugar, it gave him a large benefit over chipping away at his wafer with the needle.
Equally, when the glass producer discovered he might see the distinction between the traditional and tempered glass based mostly on the way it refracted mild, it allowed him to advance a number of squares additional alongside the glass bridge with a lot much less danger than he would have in any other case incurred.
It is also true that safety practitioners profit from utilizing the precise method to fixing particular issues. For instance, insider threats are finest tackled utilizing habits evaluation. It is also vital for safety groups to doc their course of such that they will repeat them throughout totally different employees members and get the identical end result. As soon as one workforce member has perfected a way for one thing, like investigating malware in your setting along with your tooling, they will share that data with the remainder of your workforce. The ultimate advantage of discovering and documenting your approaches is that they will then be automated with orchestration instruments.
Protection in Depth Works
Parallels might be made between assembling an efficient safety posture and internet hosting a profitable Squid Sport. In each circumstances, you are seeking to eradicate threats (to your group, or to your prize cash) in a successive set of filters. In Squid Sport, this was completed by subjecting the individuals to kids’s video games and eliminating the losers. Every sport eradicated a proportion of gamers till just one remained. The chart under reveals the effectiveness of this method.
Safety groups ought to take this similar method, however as an alternative of killing gamers, they will cease assaults utilizing complementary instruments. For instance, implementing community safety instruments (e.g., firewalls) alongside software safety controls (e.g., a Net app firewall), endpoint safety (e.g., endpoint detection and response), electronic mail safety, and id and authentication resolution (e.g., multifactor authentication). Every successive layer of management makes it that a lot tougher for attackers to succeed. This method is not about constructing an “attacker-proof” safety posture, it is about slowing down hackers and making your group much less engaging as a goal. The extra layers of the onion attackers have to peel to acquire their goal, the much less possible they’re to wish to proceed. Moreover, these layers decelerate attackers such that safety groups have extra time to react.
Insiders Can Additionally Be Threats
Squid Sport has each malicious and compromised insiders. The police officer, Hwang Jun-ho, snuck into the sport to search out his brother by killing and stealing the id of employee 29. That is analogous to a compromised insider: Jun-ho was inside the sport’s safety perimeter, used a recognized id and credentials, and was misaligned with the host’s intentions.
The organ harvesting ring is analogous to malicious insiders; they’re staff of the host group however are knowingly abusing their entry privileges to their very own ends. In each circumstances, these threats had been found the identical method you need to uncover them in your IT setting, by discovering irregular habits that differs from the baseline habits of the people concerned or their friends.