After 8 seasons, Game of Thrones is officially over. Whether you were a fan of the hit TV show or not, the final season held a few lessons for business owners. As they say, it is a case of ‘art replicating life’.
One episode caught every single viewer by surprise: episode 5 of the final season. Once the initial shock had worn off, the ending of that episode taught several lessons relating to cyber security.
Spoiler alert for those of you who haven’t watched GoT yet, but intend to at some point or another. To bring you up to speed, the heroine of the show from the beginning is a character called Daenerys Targaryen. She is the most honest, forthright, selfless and good of the characters, fighting against the powers that be, injustice and tyranny, sometimes single-handedly.
They call her the mother of dragons because the show’s three dragons belonged to her and were controlled by her alone. She uses them for good, which makes her feared amongst her adversaries, as she has firepower like no other.
You can see where this is going… Daenerys, completely out of character, went on a rampage and burnt down an entire city full of innocent people, using her favourite dragon.
How this relates to cyber security is quite simple. The biggest threat to your business may not be somebody outside the organisation, but somebody you work with.
Internal or insider threats can be split into two distinct categories: malicious and unintentional.
Malicious Internal Threats
Individuals seeking financial rewards: A high percentage of malicious insider threats come from employees seeking to profit financially. However, it is a long-term strategy. They don’t just want to take the money and run – they use their position within the company to exploit vulnerabilities in systems in order to bankroll a second income. They try to avoid being flagged so that they can remain in their job and continue with their fraud.
Disgruntled employees: These individuals may be angry at your company for any number of reasons, which could be serious in nature or downright petty, from constantly being overlooked for promotions to not liking the colour of their new uniform. Like the individuals above, they abuse their trusted positions within a company, much like Daenerys and her dragon, and go completely power mad – just because they can. More often than not, the aim is to wreak pure havoc within an organisation. A recent example of this is the high-profile Morrisons data leak of 2014, which was caused by an unhappy employee.
Former employees: In companies where access rights are not carefully managed, former employees may pose a threat if login details are not taken away once they leave. They could be logging on to utilise company resources or searching for confidential information. They could potentially post defamatory or profane messages on social media from company accounts. Finally, they could commit industrial espionage to further their position at their new company – especially a competitor. All of these scenarios show that past employees represent a considerable risk if their digital access isn’t managed and monitored accordingly.
Unintentional Internal Threats
Your biggest threat actually lies with individual employees who didn’t intend the company any harm, but ultimately put it in danger by taking actions that led to security threats. Within this category, there are several issues to look for:
Lack of training: First and foremost is a lack of cyber training. Companies are now starting to take cyber security more seriously, and a percentage have increased their cyber security training and support. However, a large number of employers still don’t offer training and if they do, employees may not attend or take the content seriously.
Poor judgement: It is possible that despite all your training and investments, employees will exhibit poor digital decision making. They could forward an email with sensitive company information to the wrong recipient, store company data on an unsecured personal device and lose said device, or even click a ransomware email.
Overly helpful: An employee may give out sensitive details or information, thinking that they are being polite or helpful, when in fact a criminal is fishing for information over the phone to try and hack into your systems.
Misplaced USB drive: A very old yet effective tactic. A hacker ‘accidentally’ drops a flash drive in the workplace car park with the hope that a curious employee picks it up and plugs it into a company computer, which then launches the malware.
Fake technical support call: Ever had a ‘random’ call from Microsoft Tech Support? These fake calls try to persuade victims to allow the hacker remote desktop access. Please remember that Microsoft never call end-users.
If you are concerned about any of the above, and feel your company is currently at risk of an internal attack, there are several steps you can take to reduce the risk:
Mandatory, up-to-date training for staff, with reviews. Ensure anyone who has fallen through the cracks receives training immediately.
Leverage end-point security solutions, such as Hosted Desktop from Venom IT, that help keep individual physical devices, such as laptops and tablets, safe and secure. If a device is lost or stolen, the information on the device can be wiped remotely to avoid the risk of data exposure.
Carefully manage permissions, including tiered permissions for sensitive information, and immediately remove access for employees who have left the company. A Cloud-based solution from Venom IT such as Online Backup gives you full control over what employees have access to. For example, the sales department cannot access the HR department’s drive.
Venom IT provides a full range of cyber security solutions, combining Cloud technology with staff cyber security training, which we have found leads to the best long-term results.
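The access-management step above and the former-employee risk described earlier can be checked mechanically by comparing the HR leaver list with live accounts and login records. The following Python audit is an added example, not Venom IT's tooling; the account records, log format, group names and dates are all constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data (hypothetical users, fields and log layout).
HR_LEAVERS = {"jsmith": date(2019, 4, 30), "akhan": date(2019, 5, 10)}
ACCOUNTS = [
    {"user": "jsmith", "enabled": True, "dept": "sales", "groups": ["sales-drive"]},
    {"user": "akhan", "enabled": False, "dept": "hr", "groups": []},
    {"user": "mlee", "enabled": True, "dept": "sales", "groups": ["sales-drive", "hr-drive"]},
]
LOGINS = [
    "2019-05-02T21:14:07 jsmith SUCCESS",
    "2019-05-09T09:01:44 akhan SUCCESS",
    "2019-05-12T23:50:10 akhan FAILURE",
    "2019-05-13T08:30:00 mlee SUCCESS",
]
# Tiered permissions: which department each shared-drive group belongs to.
GROUP_OWNER = {"sales-drive": "sales", "hr-drive": "hr"}

def audit(leavers, accounts, logins, group_owner, today):
    """Return (user, finding) pairs for stale leaver access and cross-department access."""
    findings = []
    for acct in accounts:
        user, left = acct["user"], leavers.get(acct["user"])
        if left and left < today:
            if acct["enabled"]:
                findings.append((user, "enabled after leaving"))
            if acct["groups"]:
                findings.append((user, "leaver still in groups"))
        for g in acct["groups"]:
            # Current staff should only hold groups owned by their own department.
            if left is None and group_owner.get(g) != acct["dept"]:
                findings.append((user, f"cross-department access: {g}"))
    for line in logins:
        stamp, user, result = line.split()
        left = leavers.get(user)
        when = datetime.fromisoformat(stamp).date()
        # Any attempt after the leave date matters, whether it succeeded or not.
        if left and when > left:
            findings.append((user, f"{result.lower()} login after leaving on {when}"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(HR_LEAVERS, ACCOUNTS, LOGINS, GROUP_OWNER, date(2019, 5, 20)):
        print(f"{user}: {finding}")
```

A successful login after the leave date means the account was used; a failed one still shows a former employee trying credentials that should no longer exist.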