It's May the 4th, a holiday that celebrates our love for a galaxy far, far, away - Star Wars! I can't help but share some cybersecurity learning lessons from one of my favorite Sci-Fi movie series.
For example, lax security allowed for the theft of a single data file that would cripple the Galactic Empire by leading to the destruction of the Death Star during Rogue One: A Star Wars story. Implementation of a more advanced security protocol, which includes a comprehensive employee security awareness program, could have likely prevented this breach from occurring in the first place.
Let's dive in...
Galen: Insider Threat From a Privileged User
- He was definitely a disgruntled employee and designed hidden fatal exhaust port flow in Death Star plans
- Was an influence to Bodhi and convinced him to deliver data on the exhaust port
- Employees loyal to The Empire were likely not trained to recognize signs
- Trained employees would know that if you see something, say something!
Scarif Overall Planet Security: Weak
- People could enter/exit the planet without regulation by the deflector shield
- Rely on clearance codes to control in/outgoing ships
- Clearance code used for stolen cargo shuttle still was active
- Allowed Rogue One crew to land at the Citadel Tower on Scarif without additional security protocols
- The deflector shield was left open unless an emergency happens
- X-wings were able to fly into Scarif before the shield closes
- Clearance codes should have been more closely monitored and deactivated
- A lack of awareness of physical security threats is like leaving your front door open with a lazy security guard
Citadel Tower Security: Even Worse
- Virtually no ID scan or check once you land at the facility
- Rogue One crew overtakes security officers, seals their clothes; no one notices!
- This is security 101 - you should always have employed multiple levels of authorized access and trained employees to be more vigilant
- K2SO hacks into random robot and gets entire facility map
- A lesson in restricting employee access
- Death Star plans are on one physical file and it's easily accessible
- You should NEVER store all your most sensitive data in one place
- Was this data even encrypted?
Long story short: A single security breach can have devastating consequences on an organization, whether it's a company or a murderous Galactic Empire.
Don't let a series of events, many of which could have been prevented with a strong security culture bring your organization to its knees. New-school security awareness training, on the large scale and small, are everyone's responsibility to keep top of mind.