7 'Star Wars Day' Cybersecurity Lessons
May the Information Security Force Be With You"May the Fourth be with you."
See Also: How to Take the Complexity Out of Cybersecurity
Star Wars Day happens every year, celebrating the iconic science-fiction film franchise. It's the perfect time to celebrate these cybersecurity essentials, as received from "Star Wars" canon wisdom.
1. Too Good To Be True?
Received an email or communication that sounds too good to be true When in doubt, throw it out! #StarWarsDay pic.twitter.com/qS4nj6N6BE
— NatlCyberSecAlliance (@StaySafeOnline) May 4, 2016
Have you ever come out of hyperspace in an attack against a Death Star, only to be caught out by a hidden Imperial fleet? Or have you ever been emailed by a Nigerian prince, asking if he can keep his $20 million tucked in your bank account indefinitely?
In the words of Admiral Ackbar: "It's a trap!"
2. Recruit Who You Must
In "Star Wars," the future of the universe relies on a whiny kid who takes a lucky shot, blows up a doomsday machine, but then can't stick the long-term training, gets his hand cut off by his father, watches his friends get captured by the opposition, and only then manages to come back dressed in all black - sporting a new, robotic hand - and save the day.
Takeaway: Don't be afraid to look for help in the most unlikely of places.
On the security front, one ongoing challenge is keeping users keyed in to emerging attacks, including phishing and malware. And where security awareness training is concerned, always remember the fun factor. In short: Never underestimate the power of kittens.
3. Test Things Before They Break
Ever needed to escape a blockade, only to find that your "bucket of bolts" can't make the jump to light speed, because you failed to keep your ship tuned up?
The same goes for information security defenses, and ensuring that, unlike Target, you're paying attention to alarms before the situation becomes critical.
4. Don't Fear the Dark Side
One recurring problem in information security circles is the proclivity by practitioners - and especially vendors - to trade on fear, uncertainty and doubt. But FUD doesn't help anyone get their cybersecurity shop in order. As Yoda tells Luke Skywalker: "Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering." And who wants to suffer?
5. Scum Will Congregate
The scum of the universe will always find ways to congregate. As Obi-Wan Kenobi noted of a certain less-than-desirable piece of intergalactic real estate: "Mos Eisley spaceport: You will never find a more wretched hive of scum and villainy."
Security experts say the same paradigm is at work in cybercrime circles, as revealed by the prevalence of underground forums - many apparently hosted in Russia - that sell products and services to other cybercriminals.
6. Learn From Repeat Attacks
Why do villains create the plans for a major new weapons system once, then keep redeploying it? In that respect, the developers behind malware, ransomware and remote-access Trojans are a lot like the folks who keep building Death Stars, or their planet-based "Force Awakens" alternative. Except cybercriminals, of course, have enjoyed much greater success.
7. Don't Try, Do
Never wait to be attacked, especially if there are defenses that you can put in place - in advance - that will help blunt or block the impact of those attacks, be they phishing, ransomware or attacks launched via supply-chain partners.
The important thing is to get started, follow through and keep following through. In the words of Yoda: "Do. Or do not. There is no try."