To this day, fans of the Star Wars series bask in the glory of the destruction of the Death Star. Just like Neil Degrasse Tyson challenging the realism of any space movie plot, security-minded moviegoers must be as frustrated as Neil watching the demise of the Death Star due to the weak security systems and practices are overseen by Darth Vadar himself.
Fast forwarding to today’s latest Star Wars installment, we thought it would be an interesting concept to “audit” Star Wars…specifically, Rogue One. What we found were seven computer security lessons that we can all learn from.
If the galaxy can be breached, so can we! Spoiler Alert Ahead!
● Eliminate Internal Threats: Remember when Erso, not wanting the construction of the Death Star in the first place, turned out to be the reason behind its infiltration? Well, even in real life, security software companies tend to have such internal threats. Understanding that breaches can start from the inside is important and necessary to maintain internal security measures as well as external.
● Eliminate External Threats: Do not follow the lead of Jyn Erso; building a fortress which is strong from the outside but soft on the inside. This is a prime target for hackers to get through. If you have something worth protecting, make sure that your firewall software is robust and always up to date. Your system should have a labyrinth of defense so that it is hard to crack.
● Social Engineering Threats: Bodhi was a character who could manage past the shield gate with the help of his social engineering skills. As In real life, people are easily fooled. Clicking on false links, opening spam emails, listening to fake news….it is important to keep your employees aware of this constant threat and educate them on best practices.
● Physical Identification and Authentication: Jyn and Cassian could get through untouched because nobody took a second glance at them making their way to the data vault. Hence, installing and maintaining proper identification and authentication methods is critical to know who is accessing your building and resources, as well as your data.
● Shutdown Vulnerable Machines: At the end of the day, compromised machines were the main reason why the assets were stolen. To make sure this does not happen to you, always be sure to remove old computers and systems from the network that are not needed and being used anymore. Install kill switches when possible and always have IT control of the authentication of the machines.
● File Naming: Stardust was the name which helped Jyn and Cassian find the file they were looking for. Make sure you have a sophisticated file naming, storing, and retrieving process so in the event of a breach it is difficult to obtain confidential files.
● The Importance of Backup: The protective “shield” could be disabled just with a system crash. Make sure yours is not brittle and that proper backup systems are in place to stop this threat before it happens.
May the force be with you!