How to Protect Against Insider Threats: 3 Tips from HBO's Game of Thrones’ “Littlefinger”

September 25, 2017

“I did warn you not to trust me.”

(Spoiler Alert: for those of you still binge-watching Game of Thrones seasons 1-6)

For Game of Thrones fans, the fate of Lord Baelish (otherwise known as Littlefinger) was only somewhat surprising: an inevitable and gratifying finale for the nefarious character. A master of manipulation, Littlefinger’s enterprising ways led him to acquire both wealth and key intelligence on his political rivals -- a classic example of a malicious insider. As his relevance in the storyline grew over the seasons, his underhanded and power-grabbing methods gained momentum.


Photo credit: 7strongest (cc by 2.0)

So, how can you protect your business from similar (albeit less entertaining) insider threats?

Let’s face it, it’s the hope of every business that everyone in their organization, whether employee or contractor, will respect and uphold corporate policies, behaving like model citizens. Once the initial personnel security training is completed, there is an implied trust and expectation that all users will follow the rules and be loyal to their employer.

Grant Users the Least Amount of Access and Privilege They Need For Their Daily Work

When you see a headline that mentions “data breach caused by insider,” chances are it’s either another story of unwitting error, a case of a disgruntled employee, or one of an employee having a temporary lapse in judgment and thinking they are the next 007. Your initial reaction is likely “what, again??” followed by “why do companies fall prey to this type of attack in the first place?” or “how did the company NOT see this coming – there had to be signs of malevolent intent.” (Littlefinger’s devious ways were hard to miss.) And then there are those harmless, yet loyal, employees who scramble to finish as much work as possible so they can squeeze in a few hours of downtime. In their rush, they may inadvertently click on a phishing email without thinking, providing the perfect pathway to the company’s sensitive data and putting the organization at high risk of losing brand value, credibility with its customers and revenue. When an employee has too much access and privilege, they are exactly who the bad guys are targeting.

One thing is clear -- many organizations grant too much privilege to their staff and contractors, and traditional perimeter security won’t protect them from an insider accessing critical data. Granting users only the least amount of privilege necessary to do their jobs will minimize the risk of an attack that either started or was enabled from the inside.

Prioritize Privileged Access Security For Both Internal and External Users

Even though insider threats are responsible for only 15% of all breaches (according to Verizon’s 2017 Data Breach Investigations Report), treating this type of threat as a lower priority or having the mentality of “won’t happen to us” could result in disastrous consequences. Those model corporate citizens may not have any malice, but they are still vulnerable to being tricked via phishing or other scams, transforming them into innocent yet crucial enablers of a threat from the outside.

Recently, an email prankster successfully gained the trust of key personnel at some well-known, high-profile financial institutions by “spoofing” – pretending to be someone familiar in order to trick them into responding. This same prankster was also responsible for a recent snare of a U.S. government official in charge of cyber security using the same spoofing technique. In this case, the victim even provided his personal email address to the prankster, even though the prankster hadn’t asked for it.

Speaking of Littlefinger – HBO’s recent set of breaches in a short period included an instance involving their offshore distribution partner. Although the alleged thieves were indirectly associated with HBO’s partner, they had just enough access to misappropriate the critical data and generate headlines.

Rethink Your Security Approach to Protect Your Business’ Financial Health

Although those incidents were presumably intended as mischievous pranks, they could have led to more damaging consequences. As Niall King wrote in his recent blog on the HBO breach, “the significance of the HBO data breach is less about the stolen Game of Thrones documents than how data breaches can impact a company’s bottom line.” Implementing strong security controls and access policies is paramount to minimizing the risk of loss – of credibility, revenue or even a dip in stock price, as evidenced by the Day One market reaction to the recent Equifax breach. Their reported 5 percent drop right after the news broke is consistent with the industry average, as reported in a recent Centrify-commissioned study by the Ponemon Institute. And, the day after the news broke, Equifax's stock price dropped 13 to 14 percent.

It’s Time to Redefine Security

Cyberthreats come in all shapes and sizes, and from all vectors. Systems are being breached with direct access via compromised credentials, which means your perimeter-based approach is no longer as effective as you once believed, since it focuses on networks, firewalls and devices. Identities are the vehicle for opening the front door and navigating laterally through an organization until access to the keys to the kingdom is obtained.
