HBO’s wildly popular series Game of Thrones follows the quest of rival factions to rule the Seven Kingdoms of the fantasy land of Westeros.
It’s a numbers game; an exercise in one-upmanship – and it’s likely to culminate in a brutal fight to the death.
As Daenerys Targaryen leads her army (and her dragons) to battle Cersei Lannister and claim the Iron Throne as the one true queen, any leak of information could spell certain doom.
Deceit is not a foreign concept in Game of Thrones, meaning there’s a real danger of the aspiring rulers’ plans falling into the wrong hands.
In an example of life imitating art, hackers recently stole 1.5 terabytes of data from HBO, including full episodes of popular shows like Ballers and at least one script from an upcoming Thrones episode.
The thieves also made off with internal company documents and HBO employee data – some of which has already been shared online.
HBO isn’t alone; headlines are filled with companies that have had data and information stolen, whether it’s customer details, employee information, classified product data, or more.
Types of Data Theft and Exfiltration
To understand how to prevent such breaches, it’s important to first look at the different ways data can be stolen from an organization.
Data breaches can occur either physically or digitally ‘over-the-wire’. Physical leakage can occur when someone transfers data from a user’s device to a USB drive and walks it out the door, or transfers it via a rogue wireless network.
However, that vector is typically used by employees with a motive.
An over-the-wire data breach can occur with various degrees of complexity, duration, and effort. Exploits that potentially give access to the stolen content might be as simple as taking advantage of improper security measures to bypass authentication for streaming services, or they might be moves that give the intruder command and control over a host.
Other vectors used to steal data include ‘spear phishing’, deeper penetration into the corporate network, or entry from a connected subsidiary or partner. If the main attack is through an intermediate, compromised system, there is a delicate balance that an intruder might weigh in deciding the rate at which to exfiltrate the data.
The longer the intrusion, the higher the chance of being discovered or inadvertently losing access because of nightly patching or the power state of the compromised system.
Also, if the intruder sends large amounts of data too quickly, it might raise some eyebrows and generate alerts from security solutions.
Preventing Breaches and Leaks
So how can companies prevent data breaches like these from happening?
When it comes to preventing data breaches and leaks, analytics and visibility are critical and can help detect data exfiltration events.
Detailed telemetry solutions that have good analytics are key to monitoring traffic that is leaving the network, and can detect any traffic flows that are outside the norm.
From there they provide insight into what’s happening and act to stop any malicious activity.
In a case where data is exiting the network via fast exfiltration, IT management can use security solutions that create rules to lock down traffic in extreme circumstances, or even proactively set up policies that limit traffic.
Additionally, Data Loss Prevention (DLP) systems that use the Internet Content Adaptation Protocol (ICAP) to connect to the network can help prevent unauthorized data exfiltration.
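As an added illustration (not code from the article or from any A10 product), the sketch below applies the "outside the norm" idea to per-host egress volumes and flags both the fast and the slow exfiltration rates discussed earlier. Host names, byte counts and thresholds are constructed assumptions.

```python
from statistics import median

def baseline(history):
    """Median and median absolute deviation (MAD) of past per-hour egress bytes."""
    med = median(history)
    mad = median(abs(x - med) for x in history) or 1.0  # avoid a zero-width band
    return med, mad

def classify(history, window, burst_k=10.0, slow_ratio=1.5):
    """Label one host's observation window of per-hour egress byte counts.

    'fast'  : some hour exceeds median + burst_k * MAD (bulk transfer).
    'slow'  : no single hour bursts, but the window total is more than
              slow_ratio times what the baseline predicts (low-and-slow).
    'normal': neither.
    burst_k and slow_ratio are illustrative assumptions, not vendor defaults.
    """
    med, mad = baseline(history)
    burst_limit = med + burst_k * mad
    if any(b > burst_limit for b in window):
        return "fast"
    if sum(window) > slow_ratio * med * len(window):
        return "slow"
    return "normal"

def detect(history, windows):
    """Classify every host's window against the shared baseline history."""
    return {host: classify(history, w) for host, w in windows.items()}

# Constructed sample data: bytes sent to the internet per hour.
MB = 1_000_000
HISTORY = [x * MB for x in (40, 55, 48, 60, 52, 45, 58, 50)]
WINDOWS = {
    "ws-01": [x * MB for x in (50, 47, 56, 44, 59, 51)],   # ordinary day
    "ws-02": [x * MB for x in (52, 49, 900, 48, 50, 53)],  # one large burst
    "ws-03": [x * MB for x in (92, 88, 95, 90, 97, 93)],   # steady, elevated
}

if __name__ == "__main__":
    for host, label in detect(HISTORY, WINDOWS).items():
        print(host, label)
```

The steady, elevated host never crosses the per-hour burst limit, so only the cumulative check catches it.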
Written by: Mohammed Al-Moneer, Regional Director, MENA at A10 Networks