Episode #6 of Defend the Kingdom, "Ghost in the Machine", brings to a close the dramatic battle between good and evil in both Marty's imagination and his daily work as a security "hunter". The episode reveals a highly skilled, persistent, maniacal adversary bent on the Kingdom's ultimate destruction. In Marty's alter-universe, he sees this as an enemy targeting not only the Kingdom's financial wealth but more importantly its most crucial military plans. In real life though, the danger is just as real - a nation-state actor targeting his corporation's most intimate and strategic plans. The story culminates in a race against time as Marty's honeypot lures his dangerous foe into the final confrontation. In Marty's imagination, he sees this as a race across the countryside protecting the Kingdom from the ultimate enemy and imminent catastrophe. In reality, it is a duel across MagnaCorp's network to identify the compromised data and prevent data exfiltration.
The final episode is meant to underscore the message that these risks are very real and pose a serious threat to our organizations. While life and death is not always on the line, as in the case of the Kingdom's military plans and the threat of invasion, a compromise of a company's internal data can have massive repercussions. We have seen the headlines. We have read the media stories. We all know the seriousness of these issues. It doesn't take a fictional story to demonstrate what is at stake. Too often, we see the impact at companies every day.
One thing that was important to me in this final episode was to articulate the personal side of security incidents. At the end of the story, Marty recounts the toll on his fellow employees. Greg misses his son's school outing. The staff endures long hours. The stress impacts the entire organization from the top down - executives to admins. Underneath the headlines and news accounts, we must remember the tale is much deeper. In our industry, many hard-working, diligent individuals are fighting a battle on the front lines. Sometimes they lose that battle. And when they do, everyone knows it. But they also win many of the battles. And rarely do those victories see the light of day.
This series has been a labor of love for me. The story was meant to educate and entertain. I also wanted to draw attention to the importance of what security and risk professionals do on a daily basis. We have covered much ground in this blog series. In the 30 blogs of the story, we have discussed core security principles, technical security techniques, connections to broader risk management and a host of other topics. I hope you have enjoyed the fiction but also learned something new along the way.
Thank you for joining me on this adventure. To those of you on the front lines, good luck and keep hunting.
Steve Schlarman - @steveschlarman