Cyber security lessons from Squid Game

An organization’s network system, attackers with risks awaiting to enter the network and the security team protecting the network. Sounds familiar? Well, it is all the same as the trending South Korean Netflix series “Squid Game”. The series is being widely described as grim, violent, cut-throat, and dystopian, but it can be said that it has been in the No.1 spot in the Top 10 shows in the US, right from September because it is highly relatable. So how is it relatable to today’s cyber security scenario and what are the key takeaways for organizations…?

Read through to find out.

Risk is always uncertain

The first and foremost takeaway from the series can be taken from the first condition the players are exposed to. Nobody amongst the players has an idea about what game they would be part of. They get into the game unaware of what their next game would be like, which denotes how risk is always uncertain. One cannot predict the type of attack they will face or when an attacker is going to try to hack the systems, this is why organizations must always be ready and completely equipped to face the risks.

The attacker is always at an advantage due to this uncertainty of the organization and by being prepared for all types of attacks, organizations can deny the attackers of this advantage.

Timely management of internal threats

The next takeaway can be taken from how internal threats like the police officer Hwang Jun-ho and an organ harvesting team were busted by the game host. We must understand that threats are not only uncertain but also of various types. An organization must tackle attackers with the methods and tools applicable for external threats and must use different strategies for handling internal threats. The network security team of an organization must always be on the lookout for abnormal activities.

Training must be provided to all employees about vulnerabilities like weak password protection, credential sharing, etc. to educate everyone about internal threats and possibilities of the data breaches. Staying fully aware of one’s situation and taking necessary precautions can prove to be useful in handling internal threats.

Being skillful and resourceful

It is to be keenly noted how the players in the Squid Game understand their position quickly and make a strategy for themselves. Right after their first game, they were aware that the sooner they got united the better they could save themselves from being shot dead. By forming a deal between themselves and staying united, they could save themselves from being killed by their peers in the “Midnight Fight”. “Unity is strength” is a time-tested proverb. On realizing that the offender is stronger than the player, the group of people unites and they begin using their skills, their experiences, and their strategies together. This way, they defeat a stronger team in the “Tug of War”.

The attacker always has an edge over the organization due to a wide variety of types of attacks to choose from and the uncertain nature of risks. This is why a network security team of an organization must comprise diverse individuals from various teams. Such a diverse team with diverse knowledge, experience, and point of view together will be able to handle any type of attack irrespective of the uncertainty.

Opting for the right approach

Selecting the right approach to solving an issue always goes a long way. Consider the example of how a glass manufacturer spots the difference between normal and tempered glass with its reflective property. He further uses this approach to advance in the game with less risk.

Using the right approach has its advantage in dealing with an organization’s security. For each type of threat, a different approach needs to be followed like choosing behavior analysis for internal threats, etc. It is to be noted that once an approach is chosen and practiced and proves successful, documenting it is essential for future usage. Documentation of processes followed each time, creates a record of issues faced and successful methods implemented. This practice of documentation aids in forming company guidelines and that is how best practices evolve within the organization. This way, different approaches to solving an issue can be discovered and the organization becomes more efficient in security management.

Continuous technological improvement:

Just as how time-tested methods, practices, and approaches are important in risk management, being technologically updated and effective usage of tools is equally important. In the Squid Game, tools like knives, lighters throw some light into gaining an early insight into the uncertain and deadly games. This way a few players survive the game.

In cybersecurity, there is a compulsive need to always stay updated with technological tools. Thanks to the nature of risks today, organizations have been enabled to handle every risk through systems right from internal access management to risks associated with external data and its security. The security management team of an organization must deeply reflect upon various factors such as time, cost, and manpower requirements and decide on the purchase of technological updates. If required, redundant or obsolete technology must be completely written off and new purchases must be made on time. To avoid a big gap between an organization’s vulnerabilities and the advantages of attackers, organizations must always stay up to date with their software and risk management tools.

Building a strong defense :

Cyber security is all about defense and it is almost evident at this point how the Squid Game and an organization’s cyber security can be analyzed. Cyber security of an organization must possess a strong defensive approach at all times. In addition to a strong defensive approach, it must also possess a high precautionary approach.

Risk is always better mitigated than managed. Through sufficient precautionary measures, an organization makes it difficult for an attacker to reach the target. When an organization looks sufficiently guarded in the eyes of an attacker, it is less attractive as a target. When an organization is less prospective as a target, an attacker would not choose to intrude on the security of that organization.

This is the crux of the idea behind building a strong defense in cyber security management. We at QRC, provide solutions such as an Enterprise security framework and much more for protecting your organization’s cyber security. Unlike the series, winning the Squid Game will never be a struggle for you.

11th November, 2021 | Risk Management | Posted by QRC Assurance

Get Free Consultation