{"id":15191,"date":"2022-06-02T08:46:33","date_gmt":"2022-06-02T08:46:33","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-gl\/?p=11148"},"modified":"2022-06-02T08:46:33","modified_gmt":"2022-06-02T08:46:33","slug":"3-infosec-lessons-we-are-still-learning-from-star-wars","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-kh\/blogs\/3-infosec-lessons-we-are-still-learning-from-star-wars\/","title":{"rendered":"3 InfoSec lessons we are still learning from Star Wars"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"15191\" class=\"elementor elementor-15191\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ea33753 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ea33753\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e10dab4\" data-id=\"e10dab4\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6db70fd elementor-widget elementor-widget-text-editor\" data-id=\"6db70fd\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<div class=\"blog-post-des\"><div class=\"blog-post-detail\"><p>A long time ago, in a galaxy far, far away, a movie franchise captivated the world and introduced us to a new way of thinking about security. Star Wars taught us that security is about more than just keeping bad people out \u2013 it is about making sure good people can do their jobs and fulfill their missions, even in the face of overwhelming odds. Today, those same lessons are applied to the field of information security. As our world grows more interconnected, we are learning that the best way to protect our data is not to keep it hidden away from prying eyes, but to make it accessible only to those who need it.<\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">When it comes to data security the Star Wars franchise provides some valuable lessons. In a galaxy filled with advanced technology, the characters are constantly faced with hacking threats. From the Death Star\u2019s data breach to the infiltration of the Rebels\u2019 base on Hoth, these stories show that no system is completely secure. If Darth Vader had better information security in place, maybe his planet-killing weapon wouldn&#8217;t have been squashed by rebel spies &#8211; thrice. For those who haven\u2019t seen Star Wars &#8211; spoilers ahead!<\/span><\/p><p><strong style=\"font-style: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Attackers exploiting hidden vulnerabilities<\/strong><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Was the Death Star the most powerful weapon in the galaxy? &#8211; Yes.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Did it take a powerful weapon to destroy it? &#8211; No, it only took 2 torpedoes.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">How was that possible? &#8211; Thanks to Galen Erso, the genius scientist behind the construction of the Death Star, who hid a critical flaw that made the planet-sized weapon vulnerable.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">In large systems introducing a vulnerability or missing out on a system flaw is easy. If the Empire had invested some resources to perform a third-party audit and penetration testing of their system then such a critical flaw would\u2019ve been identified right away. Organizations must keep in mind that sometimes all it takes is a small vulnerability for a threat actor to gain complete control of a network. Hidden backdoor programs and unpatched security vulnerabilities in forgotten systems are prime targets. Regular patch updates can help mitigate the attack surface. For instance, a security flaw in Apache Log4j has rendered over <\/span><a style=\"font-style: inherit; font-weight: inherit;\" href=\"https:\/\/www.sdxcentral.com\/articles\/news\/more-security-chaos-strikes-microsoft-cosmos\/2021\/08\/\" target=\"_blank\" rel=\"noopener\">89% of all IT environments<\/a><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\"> to have vulnerable Log4j libraries. According to <\/span><a style=\"font-style: inherit; font-weight: inherit;\" href=\"https:\/\/blog.checkpoint.com\/2021\/12\/11\/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1\/\" target=\"_blank\" rel=\"noopener\">Check Point<\/a><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">, over 48% of global corporate networks have been exploited.<\/span><\/p><p><strong style=\"font-style: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Protecting an IoT world: Droids, robots, and artificial intelligence\u00a0<\/strong><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">The Star Wars series introduced us to an interconnected technology ecosystem where robots and artificial intelligence (AI) are controlled by both sides &#8211; the Jedi and the Sith. Droids and clones were used by both sides at one point, playing critical roles in the Clone Wars and the Galactic Civil War. Yet, they were frequently sliced (hacked), sabotaged, reprogrammed, and memories wiped.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">The droids posed a significant security challenges but were mostly left on their own. Remember K-2SO from the film Rogue One? The imperial security drone was reprogrammed to serve the Rebel Alliance. Or the Jawas fitting droids with crude restraining bolts to hack into their systems and incapacitate their autonomous function. The destruction of the Death Star makes you question the security systems of your IoT vendors. R2-D2, a mobile droid, was able to gain unauthorized access to the Imperial network, hack into the Death Star, and basically infiltrate any system despite being shut down for years.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Every time a new droid or Internet of Things (IoT) device is added we expand our network footprint and attack surface. Addressing the security issues of IoT devices requires expertise in AI, machine learning, and data analytics. If you\u2019re just getting started with AI and machine learning, don\u2019t worry; you can still gain access to historic data and practice your R2-D2 skills.<\/span><\/p><p><strong style=\"font-style: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">An overwhelming amount of security design flaws<\/strong><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">The Empire spent a whopping <\/span><a style=\"font-style: inherit; font-weight: inherit;\" href=\"https:\/\/www.bnnbloomberg.ca\/hainsworth-star-wars-1.633464\" target=\"_blank\" rel=\"noopener\">$192 quintillion<\/a><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\"> to build. But despite its power, the entire system had flaws (most fatal) that could be exploited to execute arbitrary code. The Imperial network was riddled with security by design flaws from lack of network segmentation, intrusion detection systems, data leaks, and an inability to learn and adapt from mistakes.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Security by design, especially in the cloud, helps prevent system errors from an early stage. According to Gartner, a cybersecurity mesh architecture approach (CSMA) provides &#8220;a composable and scalable approach to extending security controls, even to widely distributed assets&#8221;. A CSMA is a responsive security approach that moves past siloed security and builds a more collaborative security force &#8211; just like the Rebel Alliance.<\/span><\/p><p><strong style=\"font-style: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">Do, or do not. There is no try.<\/strong><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">In the information security world, we can learn a lot from Star Wars \u2013 both in terms of what to do, and what not to do. The Rebel Alliance were able to defeat the Empire not just because they had better technology but also because they had better people. In the same way, we need to focus on developing the right skills and capabilities in our people if we want to win the fight against cybercrime.<\/span><\/p><p><span style=\"font-style: inherit; font-weight: inherit; background-color: var(--ast-global-color-4); color: var(--ast-global-color-3);\">May the force be with you.<\/span><\/p><\/div><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>A long time ago, in a galaxy far, far away, a movie franchise captivated the world and introduced us to a new way of thinking about security. Star Wars taught us that security is about more than just keeping bad people out \u2013 it is about making sure good people can do their jobs and &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-kh\/blogs\/3-infosec-lessons-we-are-still-learning-from-star-wars\/\"> <span class=\"screen-reader-text\">3 InfoSec lessons we are still learning from Star Wars<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":3,"featured_media":15059,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_theme","format":"standard","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"page-builder","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"enabled","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[109],"tags":[135],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/15191"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/comments?post=15191"}],"version-history":[{"count":0,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/posts\/15191\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media\/15059"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/media?parent=15191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/categories?post=15191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/tags?post=15191"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/whitepapers?post=15191"},{"taxonomy":"case_studies","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-kh\/wp-json\/wp\/v2\/case_studies?post=15191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}