Euro Security Watch with Mathew J. Schwartz

Governance & Risk Management

7 'Star Wars Day' Cybersecurity Lessons

May the Information Security Force Be With You
7 'Star Wars Day' Cybersecurity Lessons

"May the Fourth be with you."

See Also: 5 Requirements for Modern DLP

Star Wars Day happens every year, celebrating the iconic science-fiction film franchise. It's the perfect time to celebrate these cybersecurity essentials, as received from "Star Wars" canon wisdom.

1. Too Good To Be True?

Have you ever come out of hyperspace in an attack against a Death Star, only to be caught out by a hidden Imperial fleet? Or have you ever been emailed by a Nigerian prince, asking if he can keep his $20 million tucked in your bank account indefinitely?

In the words of Admiral Ackbar: "It's a trap!"

2. Recruit Who You Must

In "Star Wars," the future of the universe relies on a whiny kid who takes a lucky shot, blows up a doomsday machine, but then can't stick the long-term training, gets his hand cut off by his father, watches his friends get captured by the opposition, and only then manages to come back dressed in all black - sporting a new, robotic hand - and save the day.

Takeaway: Don't be afraid to look for help in the most unlikely of places.

On the security front, one ongoing challenge is keeping users keyed in to emerging attacks, including phishing and malware. And where security awareness training is concerned, always remember the fun factor. In short: Never underestimate the power of kittens.

3. Test Things Before They Break

Photograph: Sam Howzit, Flickr/CC.

Ever needed to escape a blockade, only to find that your "bucket of bolts" can't make the jump to light speed, because you failed to keep your ship tuned up?

The same goes for information security defenses, and ensuring that, unlike Target, you're paying attention to alarms before the situation becomes critical.

4. Don't Fear the Dark Side

One recurring problem in information security circles is the proclivity by practitioners - and especially vendors - to trade on fear, uncertainty and doubt. But FUD doesn't help anyone get their cybersecurity shop in order. As Yoda tells Luke Skywalker: "Fear is the path to the dark side. Fear leads to anger. Anger leads to hate. Hate leads to suffering." And who wants to suffer?

5. Scum Will Congregate

The scum of the universe will always find ways to congregate. As Obi-Wan Kenobi noted of a certain less-than-desirable piece of intergalactic real estate: "Mos Eisley spaceport: You will never find a more wretched hive of scum and villainy."

Security experts say the same paradigm is at work in cybercrime circles, as revealed by the prevalence of underground forums - many apparently hosted in Russia - that sell products and services to other cybercriminals.

6. Learn From Repeat Attacks

"That's no moon." (Photograph: Windell Oskay, Flickr/CC.)

Why do villains create the plans for a major new weapons system once, then keep redeploying it? In that respect, the developers behind malware, ransomware and remote-access Trojans are a lot like the folks who keep building Death Stars, or their planet-based "Force Awakens" alternative. Except cybercriminals, of course, have enjoyed much greater success.

7. Don't Try, Do

Never wait to be attacked, especially if there are defenses that you can put in place - in advance - that will help blunt or block the impact of those attacks, be they phishing, ransomware or attacks launched via supply-chain partners.

The important thing is to get started, follow through and keep following through. In the words of Yoda: "Do. Or do not. There is no try."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.