Please fill in the form below to subscribe to our blog

Game of Thrones: An SMB Cybersecurity Analogy

April 26, 2019

***SPOILER ALERT: this article contains some plot details up to Season 8, episode 2***

The epic struggle of Jon Snow, Daenerys Targaryen and their fragile coalition of allies against the looming undead army of White Walkers bears a striking resemblance to the growing specter of cyberthreats against small to medium sized businesses in recent years.

So how do you make people care about cybersecurity as much as they care about who will reign supreme over Westeros? Simple – frame these threats in the fantastical terms they already understand from Sunday nights watching HBO.

Westeros as an SMB

Westeros, the fictional continent where much of the show’s action takes place, is an excellent metaphor for your organization’s IT environment. It has a clear perimeter as an island surrounded by water and contains significant assets – food, weapons, livestock, infrastructure and its citizens (just as a business owns personal data, payment information, intellectual property and other sensitive material). While there is some warring between the Lannisters, Starks and other houses, it’s helpful to think of them as various departments within the same organization – jockeying for resources, much as different business units might fight for limited budget.

A united Seven Kingdoms allows us to recognize the true existential threat to the security and prosperity of Westeros’s inhabitants – the White Walkers. The most direct cybersecurity parallel to this horde of undead would be a malware botnet. A botnet is a collection of internet-connected devices such as computers, smartphones or IoT devices whose security has been breached and control ceded to a third party (the ice-cold third party being The Night King in this scenario).

Much like The Night King is able to raise his victims from the dead to join his ranks, hackers are able to fool unsuspecting users by implanting and executing malware on their devices, oftentimes through advanced phishing attacks, to take control of them. This malware could restrict access to business-critical systems for a ransom and harvest user credentials to grant hackers access to financial resources — two techniques that could potentially bankrupt an SMB. The hacker can also use infected devices to carry out ever larger-scale attacks, such as Distributed Denial of Service (DDoS) attacks against your website. As we learned in the latest episode of Game of Thrones, The Night King is seeking to launch a DDoS attack on Westeros and beyond, with the goal of permanently shutting down the living.

Another similarity that Game of Thrones superfans will appreciate: neither the White Walkers nor hacking tools were originally conceived with destructive purposes in mind. The White Walkers were originally human-like figures created with magic by the Children of the Forest to protect them from the First Men. They were defense weapons created with good intentions that eventually became so powerful, they threatened all of humanity. Similarly, cyberweapons like StuxNet were originally developed as tools of defense to limit the advances of Iran’s nuclear program, but have since fallen into the hands of third-party criminal groups, who continue to leverage the techniques that made StuxNet possible.

Speaking of hacking tools that were previously only available to national governments but are now utilized by criminals, the White Walkers currently have access to more powerful resources than ever before – namely, a terrifying ice-fire-breathing dragon. This parallels the now widespread use of tools like those released by The Shadow Brokers in 2016. The exploit EternalBlue, developed by the NSA in the name of national security and leaked by The Shadow Brokers, was used in the infamous worldwide WannaCry attack that affected over 200,000 computers across 150 countries.

Similar to the defense measures that many SMBs implement, Westeros has indeed taken steps to protect itself from the murderous throngs of ice zombies to their north. The most notable example of this would be The Wall. 300 miles long, 700 feet tall and fortified with ancient magic, this rock-solid ice wall could most easily (and ironically) be compared to a Firewall. It’s the first line of defense against intruders, and it takes a Night’s Watch of IT Administrators to maintain it, guard it and analyze for vulnerabilities. As any cybersecurity professional knows, a firewall is a significant defense but can be bypassed by a savvy hacker who knows how to exploit human error, compromised credentials and unpatched applications (or in GoT, by a savvy zombie sociopath with a seemingly unstoppable ice dragon).

How to fight back

So what can be done to keep your digital kingdom safe? First, you want to make sure your organization’s leadership isn’t like Cersei Lannister – Queen of the Seven Kingdoms who is unwilling to address the existential threat from the North. Much like the wise Maesters of the Citadel, you’ll need to educate decision-makers about the consequences of inaction. For example, 60% of SMBs go bankrupt within the first 6 months following a major cyber incident. 

Because the vast majority of data breaches are due to human vulnerability and compromised credentials, you’ll want to focus on cybersecurity best practices; these practices are your weapons forged from dragon-glass and Valyrian steel – the only ones proven to be effective against White Walkers. Just as Arya Stark is lethally trained by the Faceless Men, make sure your employees are trained to recognize phishing attempts that may contain malicious files or requests.

You’ll also want your very own Three-Eyed Raven. That’s to say, you will want to implement a Dark Web Monitoring service to detect when your users’ credentials are compromised on the Dark Web. Leveraging visibility of your business’s weak spots will give you a *Stark* advantage against hackers (pun very much intended). Be sure to implement strong password phrases and modify them on a regular basis.

Lastly, enlist the help of a dragon of your own. Managed Service Providers are a powerful resource for SMBs, armed with knowledge and experience in fighting off cybercriminals. A reputable MSP who focuses on the above techniques like Security Awareness Training and Dark Web Monitoring will be a fiery champion for your digital realm.


ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites.  SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Send us a raven to schedule a demo today!