Walking Dead can teach you valuable security lessons

Information security, the rise of zombie botnets, and what we can learn from The Walking Dead

Since early 19th century West Africa, the word “Zombie” has struck fear into the hearts of people. With the evolution of technology, and the rise of hit shows like “The Walking Dead,” zombies are more popular than ever, but the most terrifying thing about the world of The Walking Dead isn’t "Walkers", it’s other people: Walkers, as they are referred to on the show, are predictable; they’re hungry, and they want to eat your brains. Humans, on the other hand, often can and will be unpredictable, and that’s exactly what makes them dangerous. Here are some tips to learn from the popular show.

Predictability is just as dangerous as unpredictability

Companies and corporations, from mom-and-pop shops to mega conglomerates, shouldn't base cybersecurity protocols on perceived threat trends, let alone implement new cybersecurity techniques, technologies and procedures without a full understanding of them.

The vetting of various new implementations on any network comes down to knowledge of its most critical weaknesses, and even the most well-run networks and businesses are only as strong as their weakest link.

"Walkers" in the world of The Walking Dead are a serious threat, but it's the living, whose primary motivations are to "survive at all cost" that pose the greatest threat to others.

From departmental staff changes and the changing of passwords to the full overhaul of security protocols and procedures, staying ahead of the various threats to network security in today's world requires the certainty of uncertainty, and a better understanding of antivirus software, hardware and storage than possible attackers have is imperative.

New people should be vetted

On The Walking Dead, before allowing anyone access to the group's hard-earned resources, the protagonist asks newcomers three simple questions:

  • "How many walkers have you killed?"
  • "How many people have you killed?"
  • "Why?"

The first question aside, thorough background checks, psychological evaluations and surveys of and about new employees can give companies a leg up in the long term.

It seems obvious, but many companies give relatively new employees access to highly sensitive information. Access to networked passwords by people with little knowledge of cybersecurity may lead to phishing threats from outside the company. Worse yet is access to networked passwords, procedural protocols and other sensitive information by disgruntled employees who have knowledge of coding, or who may dabble in hacking or otherwise be experienced hackers.

Bad management often leads to issues from lower-level employees, and anonymous surveys of lower-level employees may lead to restructuring, or even the firing of managers who shouldn't be holding their positions to begin with. Periodic and random psychological evaluations may be needed for employees within various sectors.

The use of psychological evaluations to screen employees, though, must fall within the legal precedent set by the Supreme Court’s decision in the 2005 case of Karraker v. Rent-A-Center Inc., which found that the employer’s use of the Minnesota Multiphasic Personality Inventory (MMPI) as part of its testing process for managers violated the Americans With Disabilities Act (ADA).

Checks and balances at every level of employment should be put in place to prevent any and all threats rising up the chain: from new hires to high-level executives. Security protocols and procedures may help curb these issues, but they should begin at the beginning.

Walls help, but not enough

From the CDC in Atlanta, the “West Georgia Correctional Facility,” the hospital in Atlanta, from Woodbury to Alexandria, and even “the Saviors” camp, one or two, or even a dozen walkers may become a piece of cake for the grizzled veterans of The Walking Dead, but a thousand walkers herded together can and most often will breach the walls of any safe zone, no matter how secure it may seem.

On Friday, Oct. 21, 2016, a coordinated DDoS attack shut down DNS servers through Dyn Corporation, located in Manchester, NH. Dyn won’t speculate as to the identity of the attackers, but recent reports and further analysis suggest that a Mirai botnet attack perpetrated by a group of amateurs calling themselves “The New World Hackers” was at least partially responsible for the attack.

These attacks used compromised consumer devices such as routers, IP cameras and DVRs to target Dyn's network servers. As previously stated: the overall security of any business is only as strong as its weakest link. Much like The Walking Dead, sturdy walls may prevent small groups from threatening the safety of any community, just as a good series of firewalls may prevent one, two, or even 10 drive-by-downloads containing packets ready to unleash malware in the hundreds of thousands to the millions. Just as one walker can breach a wall and cause an outbreak of walkers in seconds, Zombie Botnets may unleash a horde of DDoS attacks through something as simple as one to a few well placed phishing emails. Even major DNS service providers such as Dyn have proven unable to prevent these packets from breaching their firewalls and running rampant through their networks.

Securing the most trivial of systems within a network is paramount when something as simple as a malicious email may contain links to a horde of Zombie Botnets waiting to wreak havoc throughout a network and DDoS it to its knees. 


Security begins and ends with situational awareness: immediate as well as long-term perceived threats must be handled with an absolute certainty of the uncertain. In the post-apocalyptic world of The Walking Dead, from strung-together tin cans, sharpened spikes and barbed wire to tripwire-triggered explosive devices, booby traps are often the first, as well as the last, line of defense against invaders, whether alive or undead.

The characters on The Walking Dead often gather intelligence on future threats through both scouting and catching people attempting to scout or invade their territory. On more than one occasion, the characters have hidden in plain sight by either disguising themselves as their living enemies, or by covering themselves in the blood and guts of walkers to mask their smell against the immediate threat of being eaten alive. In both The Walking Dead and in the real world, deception is a valuable tool against threats. “Honeypots” have become an incredibly useful resource against cyber-threats. Hackers often bypass network defenses by using encryption or IPv6 tunneling.

Honeypots won’t gather the data of every perceived threat, because they only report the connections they receive, and almost all of these will be from real attacks. While honeypots rely on well thought out deceptions and stories to lure bad actors into traps, which in turn, covertly gather data from the source of any intrusion, they do so by using IPv6 or SSH, which are able to capture every action by bad actors, including toolkits, keystrokes and communications.

Honeypots contain no valuable data, nor applications a company would deem critical. But they hold enough data that at first or second glance looks interesting, so hackers are lured in long enough to occupy themselves with a web of lies while the honeypot gathers data. That data can be used to analyze the intruders' methods, tools and techniques, as well as their skill level.
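The honeypot idea described above, as an added example that is not part of the original article: a low-interaction decoy that holds no real data, answers with a fake service banner, and records only the connections it receives. The FTP-style banner, the hostname in it, the capture limit and port 2121 are all assumptions chosen for illustration.

```python
import socketserver
import threading
from datetime import datetime, timezone

EVENTS = []                      # in-memory log; a real deployment ships events off-host
EVENTS_LOCK = threading.Lock()
MAX_CAPTURE = 4096               # cap bytes kept per connection (assumed limit)
FAKE_BANNER = b"220 files.corp.example FTP server ready\r\n"  # constructed decoy banner


class DecoyHandler(socketserver.BaseRequestHandler):
    """Pretends to be a file server, rejects every login, records what was typed."""

    def handle(self):
        self.request.settimeout(5)
        received = b""
        try:
            self.request.sendall(FAKE_BANNER)
            while len(received) < MAX_CAPTURE:
                chunk = self.request.recv(1024)
                if not chunk:          # peer closed the connection
                    break
                received += chunk
                self.request.sendall(b"530 Login incorrect.\r\n")
        except OSError:
            pass                       # timeouts and resets are normal for scanners
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "lines": received[:MAX_CAPTURE].decode("latin-1").splitlines(),
        }
        with EVENTS_LOCK:
            EVENTS.append(event)


def start_decoy(host="127.0.0.1", port=0):
    """Start the decoy in a background thread; port 0 lets the OS pick a free port."""
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_decoy(port=2121)       # assumed port for a manual run
    print("decoy listening on", srv.server_address)
    threading.Event().wait()           # run until interrupted
```

Because no legitimate user has a reason to touch the decoy, every entry in `EVENTS` is worth reviewing, and the list stays empty for any activity that never connects to it.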

So if your company is brand new, and as fresh to threats as Dr. Eugene Porter, protecting your company's data can seem as complex as traversing a maze of walkers. Or, if your company is well established, and as seasoned to threats as Morgan Jones and Rick Grimes, guarding your company’s data against attacks can seem as simple as carrying a big stick. As we’ve learned from The Walking Dead: the devil is in the details.

Copyright © 2016 IDG Communications, Inc.