Don’t become the next Death Star

The wait is over, spoilers may be imminent, and fans across the globe are giddy.

That’s right – the newest Star Wars motion picture has finally hit theaters and the reviews are rolling in. Fans are lighting up the internet with blogs, fan fiction, speculation, and analysis of every frame of the movie. Seeing the newest addition to the time-honored series has me thinking about Star Wars… and cybersecurity.

With each addition to the expanding Star Wars movieverse, IT security bloggers use the Galactic Empire (now the First Order) and the Rebel Alliance as analogies for companies and hackers. And why not? The saga that brought us the Jedi and Sith to teach us about good and evil, right and wrong, hope and despair, also provides a wealth of lessons for security experts.

Over the years, the Galactic Empire has been picked apart – smeared for its lack of network segmentation, accused of having unsecured ports and unlimited data access, shoddy firewalls, and, of course, terrible security awareness training. But what about insider threats?

Let’s take a look at the insider threats that could have changed the entire fate of the Star Wars universe.

The real fate of the death star

This just in – it was an insider threat that took down the largest space base of its time (before the First Order upped the ante in The Force Awakens).

For 39 years, fans believed the Death Star had a flaw built into it due to an oversight— a bug found and exploited by the rebel alliance. However, in Rogue One we learned Galen Erso purposefully sabotaged the Death Star’s design in a way that would destroy the entire space station. Erso, a high value resource, was coerced into working on the most pivotal military project the Empire ever embarked upon. This was an insider threat waiting to happen, and it should’ve immediately triggered alarm bells.

This is akin to a disgruntled principal architect at a major device manufacturer purposefully enabling access to the root super-user account without requiring a password.

Hackers in disguise

In the original trilogy, Luke Skywalker and Han Solo sneak into Empire bases and get around by stealing the uniforms of stormtroopers.  

Similarly, many organizations have ample measures to protect bad guys from getting inside, but what if the hacks are coming from the inside? Just as Luke and Han camouflaged their true identities and snuck around the Empire bases, privileged users – and even business users – may be hackers in disguise.

What now?

If organizations want to avoid the fate of the Death Star, they should start by evaluating their current cybersecurity processes and technology. It is almost impossible to complete a full risk and security assessment on a galactic scale, but for an organization, it is crucial.

Within system development lifecycles, such as the creation of the Death Star, it is crucial for projects and plans to be reviewed and for organizations to have full visibility into what their users – vendors, privileged users and employees – are doing to ensure the security of the organization’s key systems and data.

Organizations should have the appropriate processes and technology in place to ensure they are able to detect risky, out-of-policy behavior, quickly investigate the incident with the context of what the user was doing before and after to establish intent, and prevent the loss of data.

May the Force be with you (and your data).