Observers have pointed out similarities between Squid Game and cybersecurity. Companies and organizations could be inspired by the rules of the games played in this cult series to establish their cyber defense strategies at all levels: preventive, defensive or offensive. Explanations.
Table of contents
Cybersecurity: taking inspiration from squid Game to strengthen defense
Companies and organizations are under attack on all fronts. Cyberattacks have never been more virulent. Hackers are constantly refining their attack techniques that are becoming more and more sophisticated. The defense is sometimes overwhelmed by the quantity and quality of the attacks.
Migration to the cloud, mass digitization, the proliferation of mobile apps and connected gadgets are all openings through which cybercriminals gain access to a system.
The successful series Squid Game conveys many societal facts, such as social inequality or anti-capitalism, but not only. The eye of a cybersecurity expert also sees similarities between the rules of the games in the series and cybersecurity.
In Squid Game, these rules seem a priori far-fetched but could be inspire cybersecurity actors, organizations and companies for implementing their cyber threat defense plan.
Squid Game and cybersecurity: what similarities?
Inspired by traditional children’s games, the events in Squid Game are based on the concept of attack and defense. A well-defined game perimeter is drawn on the ground on which the defenders are placed. The latter play against another group: the attackers.
The attackers are free to move around this perimeter to search for weaknesses and loopholes in the defenses. The game ends when the offender manages to defeat the defender named “royal inspector”.
These game rules, detailed by the narrator, show striking similarities to cybersecurity. Experts have translated these similarities into cybersecurity advice.
10 cybersecurity tips from Squid Game
Businesses and organizations should start with identifying their critical assets around which they will build a strong defense. No cybersecurity device is 100% unbreakable. Nevertheless, with the best and most effective measures possible, attacks are less likely to succeed.
The Squid Game rules transposed to the world of cybersecurity establish the key points and best practices to follow in order to effectively protect computer systems.
Always be prepared for any eventuality
In Squid Game, no one knows the challenges in advance. The same is true for cybersecurity: risk is always uncertain. It is particularly important to be prepared for any eventuality and to build one’s defense system accordingly. This is one of the first rules to remember.
It is impossible to predict the type of attack that organizations will face Or even when an attacker will attempt to hack into systems. For this reason, organizations must always be prepared and fully equipped to deal with threats. For malicious actors, this uncertainty remains an advantage without adequate defense.
Manage insider threats quickly
In the series, Hwang Jun-ho is a policeman who has infiltrated the game to find his brother. Through this character, viewers get to know the vices of all the protagonists in the series.
This character who offers an inside view reveals the risks of internal threats. In other words, cyber threats do not come exclusively from the outside. Organizations must apply different strategies to manage internal threats. The network security team must always be on the lookout for anomalous activity.
In addition, employees will be required to receive training on internal vulnerabilities such as weak passwords and all types of possible cyber threats. Educate on insider threats and the potential for data breaches leads to a better understanding and appreciation of the risks.
Investing in key cybersecurity skills
In the Squid Game series, players understand their position from the start. They have developed a strategy accordingly. Just after their first match, they realize one thing: they have a better chance of surviving by forming an alliance.
By making an agreement among themselves and staying united, they could avoid being killed by their peers. In short, “there is strength in numbers”. This strategy proved successful. The players realized that the attackers were stronger and that the alliance was the solution to defeat them.
They began to unite and combine their skill, experience, and strategy to stand together against the threats. This tactic allowed them to build a stronger team.
The malicious actor chooses the threat used to attack a system. Because of this, he always gains the upper hand in the organization. This is why a seasoned team with diverse skills and solid experience will be able to handle any type of attack, regardless of the degree of uncertainty.
Finding the right approach
An effective cybersecurity strategy also involves choosing the right approach to solve a problem. Organizations need to take a different approach for each type of threat. For insider threats, for example, behavioral analysis is one way to go.
If an applied approach proves effective, it should be documented for future use. Systematic documentation of the processes makes it possible to record the problems encountered and the methods used to solve them.
This documentation practice helps to form the company’s guidelines. This is how best practices evolve within the organization. In this way, the organization discovers different approaches and becomes more effective in risk and safety management.
Use the right tools and continuously improve technology
Effective use of the right tools and technology upgrades are equally important in protecting against cyber threats. In Squid Game, simple objects like a lighter or a hijacked knife allow players to survive deadly games.
Each at their own level, cybersecurity team members should use complementary tools. For example, they can combine the following devices:
- Network security tools such as a firewall
- application security controls
- endpoint security technologies
- authentication solution
With multiple layers of security, attacks will be hard to get through. Replace redundant or obsolete devices as soon as necessary.
Building a strong defense
Just like the events in Squid Game, cybersecurity is a matter of defense. In addition to having a strong defensive approach at all times, the organization must also implement a preventive anti-threat posture. In particular, it is necessary to build a strong defense around sensitive data.
With sufficient precautionary measures, attackers will find it difficult to reach their target. Malicious actors are less likely to use ultra-secure networks. They are more interested in finding loopholes.
This approach is not about creating an “attacker-proof” security posture. The idea is to make the organization as unattractive as possible as a target. Each security layer slows down attackers, giving security teams time to react effectively.
Restrict permissions and control privileges
The survival game “Green Light, Red Light” in Squid Game evokes the vital importance of permissions and privilege checks within a network. Organizations must assume that at least one internal actor is traversing the network without permission.
By enforcing “red lights,” security teams are in a better position to prevent attackers from increasing their privileges and reaching the finish line to achieve their goal.
Slow down attackers
In one of the most intense sequences of Squid Game, the participants are given dalgona. It is a hard candy with geometric shapes (star, circle, triangle …) printed on it.
During these tests, the players must cut the shape without breaking it. But some players receive more complex shapes and can not advance in the game. One of the characters had the idea to lick the candy to melt it and get the expected shape more easily.
Cybersecurity teams should also use a “dalgona” to inhibit an attacker’s progress and trigger red flags more quickly.
Becoming aware of the effectiveness of the Zero Trust
In one game, participants are divided into teams of two. Each is given a bag of 10 marbles and must get all of his partner’s marbles by any non-violent means.
One of the characters, Cho Sang-woo, devises a plan to gain his partner’s trust. But this was only a strategy. By transposing this situation into the world of cybersecurity, Cho Sang-woo’s behavior evokes the importance of Zero Trust. In other words, never trust and always check before granting access.
Anticipate cyber threats without taking risks
The “Glass Bridge” game, on the other hand, speaks to the need to move forward carefully in a new environment. Organizations have this compulsive need to continually innovate at all levels, right down to security technologies.
But innovation does not necessarily mean efficiency. And it must be taken into account that the new devices are not yet proven. Of course, the objective is to stay ahead of increasingly sophisticated threats.
Nevertheless, time should always be taken to identify the needs of the business or organization before making new decisions and implementing new devices.