A long time ago (in 1977, to be precise), in a film theatre far, far away, a film called “Star Wars” was released. It took the world by storm and changed sci-fi, cinema, and pop culture over the next few decades. This intergalactic tale of lightsaber duels, droids, and the Rebel Alliance can actually teach us a lot about the importance of strong and secure passwords. So, on the occasion of Star Wars Day (May the 4th be with you) and World Password Day on May 5th, here are some cybersecurity lessons we can all learn from Star Wars.
1. Do or do not – There is No Try
The Death Star was created to be the most impenetrable battle station in the galaxy and was the Galactic Empire’s pride and joy. At the end of Star Wars: Episode 4: A New Hope, Luke Skywalker was able to launch two perfectly placed proton torpedoes into a small thermal exhaust port on the Death Star, thus blowing it to smithereens in seconds. Luke was clearly focused on what he needed to do, and he did it – there was no try with him.
The Galactic Empire thought that the Death Star was impenetrable, but its destruction is a clear lesson that nothing is foolproof. Even the tiniest vulnerability on a device could allow a hacker to install malware on it and possibly on your network too. Computers, smartphones, and tablets all have software updates that need to be applied to patch security vulnerabilities, and these should be installed as soon as they are available.
2. Help me Identify who you are. You’re Our Only Hope
Stormtroopers all look the same, and it is easy to steal their outfits and, with them, their identity. This was shown in Star Wars Episode 4: A New Hope, where Luke Skywalker and Han Solo commandeer the outfits of two stormtroopers to infiltrate the Death Star and rescue Princess Leia. Stealing identities is very easy to do, and only requires a couple of pieces of key information that hackers can exploit.
3. No Password is Required to Access the Entire Imperial Network
Once onboard the Death Star, R2-D2 plugs directly into it and does all sorts of things, from finding out where the tractor beam controls are located to deactivating the rubbish compactor before it crushes Luke Skywalker, Han Solo, Princess Leia, and C3PO to death. This highlights a couple of critical cybersecurity flaws. First, there was no authentication of any kind: with no code or password required, a random droid could plug in and gain immediate access to the Death Star. Second, a lack of network segmentation was evident. Had the Galactic Empire divided the Death Star’s network into different independent segments, R2-D2’s access might have been more limited.
4. I Find Your Lack of Faith in Cyber Security Disturbing
In Star Wars Episode 4: A New Hope, Princess Leia talked about information vital to the survival of the rebellion in a recording she made for Obi-Wan Kenobi that was stored in R2-D2. That information turned out to be the plans for the Death Star, which ultimately made it into the hands of the Rebel Alliance. One of the Galactic Empire’s generals pointed out that with this kind of information, the rebels might find and exploit a weakness within the Death Star. His warnings were dismissed, but the plans did indeed allow the rebels to identify the one weak point in the Death Star, formulate an attack plan, and ultimately destroy it. The lesson to be learned here is that if your IT department or CISO warns you about a potential security vulnerability or threat, it is worth looking into it rather than dismissing it.
5. Social Engineering can Make you do Anything and Has a Strong Influence on the Weak-Minded
When Luke, Obi-Wan Kenobi, R2-D2, and C3PO visit Mos Eisley, they get pulled over by some stormtroopers who are on the hunt for two fugitive droids. The stormtroopers ask questions and demand to see some ID until Obi-Wan uses a Jedi mind trick to convince them to let Luke go about his business and move along.
Social engineering can make you do anything, and while it might be dressed up as a Jedi mind trick in Star Wars, cybercriminals will often use lies, charisma, and charm to get what they need, not the Force. You should be wary of any social engineering attempts that cybercriminals undertake to get hold of confidential or sensitive data.
As Yoda says in Star Wars Episode 1: The Phantom Menace, “Difficult to see; always in motion is the future.” This is very true in cybersecurity – new threats emerge almost daily, so it is impossible to predict the future and see what kind of new threats will emerge. Much to learn in cybersecurity we may have, and as always, may the Force be with you, but also…may the ability to learn from Star Wars when it comes to cybersecurity be with you even more.
Learn more with Thales’s range of access management products.