What Delos Inc. Teaches Us About Cyber Threats


A popular television series doubles as a case study on the impact of insider threats.

Although insider threats aren’t new, organizations are increasingly worried about this digital coup d’état. A recent report shows that 90 percent of organizations feel vulnerable to insider threats and 53 percent have experienced an insider attack in the last 12 months. This report is very informative, but if you really want to understand this threat, read on and see the impacts of insider attacks on Delos Inc., the company responsible for running Westworld.

For those of you who have not watched this hit show on HBO, Westworld is an adult amusement park with advanced, human-looking robots who help guests fulfill their wildest dreams without fear of consequences. I know, I know…Delos isn’t a real company, and Westworld isn’t a real place, and maybe I have an unhealthy obsession with this show, but that does not diminish the fact that the show does illustrate (sometimes very graphically) the three types of insider attacks, which can be much more fun than reading through a report.

Author’s Note: While I have done my best to avoid spoilers, if you are concerned, go binge Season 1 and then come back.  Otherwise, proceed at your own risk.

The Innocent & Ignorant

The Accidental Insider is someone within an organization who compromises the company unintentionally. They make a mistake, but they don’t mean to. Maybe they succumb to phishing attempts and social engineering, or maybe they accidentally delete a critical file. They don’t even understand that they’ve done something wrong, in many cases.

For More Information, please see the Insider Threats topic page.

In Westworld, Felix represents our accidental insider. He is one of the technicians responsible for restoring the “dead” hosts. He is fascinated by the company’s creations and illegally dabbles with the code to see if he can restore a robotic bird back to life. Although Felix’s actions seem innocent and trivial, they begin to have unexpected and deadly consequences.

First, Felix gives Maeve a tour of the facility. This is like falling for a phishing attack that allows a hacker to gain access to the company network. Second, he edits Maeve’s code, giving her administrative privileges. This is like allowing the hacker to escalate their privileges, significantly increasing their ability to steal data or cause harm—which is exactly what Maeve does.

The Disgruntled Saboteur

The Malicious Insider is less common, but far more dangerous than the accidental insider because this individual is leveraging existing credentials, access and knowledge of your company to intentionally do harm. This is the disgruntled employee who decides to steal data, install viruses or malware, rewrite code and destroy infrastructure. This user betrays your trust to enrich their bank account or settle a real or imagined grievance.

In Westworld, we can find several examples of malicious insiders. However, none rise to the level of Dr. Ford. Upset that the Board is trying to steal his creation and force him out, he leverages his superuser access to alter the basic code of the hosts, effectively making them answerable only to him and blocking access to their programming to other privileged users. It is not unlike changing the password to a critical system so no one else could access that system—of course, things get far worse when Ford instructs the hosts to execute his new story.

The Spy & the Thief

The external insider is an external person, but one who compromises the access and account privileges of a trusted insider (e.g., the accidental insider). The external insider represents the biggest threat for a data breach, as they are often motivated by financial gains that they can realize by stealing your data.

In Westworld, there are also several examples of external insiders. First, the Man in Black is leveraging his external authority to compromise the internal hosts to solve the maze. Second, Charlotte pressures (compromises) Theresa to help smuggle data out of the park. In this case, Theresa becomes a malicious insider, who was compromised by an external person.

A Modern Solution

Thankfully, there is no Delos in our world (or is there?), so we shouldn’t worry about an army of robots planning to overthrow humanity (should we?). But we should worry about the damage insiders can do within our own organizations. How can we detect and prevent these types of threats?


Excessive user privileges enable 37 percent of insider threats, so implementing a privileged access management solution is a good first step; however, when this is combined with a modern identity and access management solution, you can strike the right balance between enterprise data security and convenient user access. It also provides a comprehensive strategy against ever-evolving threats, regardless of whether they are internal or external.

If Delos had deployed this type of solution, then Ashley Stubbs might have detected some of these threats before things got so out of hand, but then again, it would have made for a very short season.