January 29, 2016//Ellen NeveuxLast Updated: May 30, 2018
Over the holidays, Raj Patel said he and his family went to a movie theater to see “Star Wars: The Force Awakens.”
In addition, Patel, the partner in charge of the cybersecurity for accounting firm Plante Moran, and his family also watched the first six movies over a few weeks. So what did he learn from watching all those movies? It’s probably not what you think.
Here’s Patel’s big takeaway: “In each movie, the demise of the empire is caused by a lack of adequate cybersecurity measures.”
Patel observed that the lack of cybersecurity isn’t just a problem “in a galaxy far, far away” but rather one enterprises face right here on Earth.
Here are some of Patel’s examples from real life as well as the movies:
Lack of Encryption – The rebels were able to access the Death Star’s blueprints in “Episode IV: A New Hope” because they weren’t encrypted. Closer to home, Patel noted that news surfaced last year that on at least two occasions, Chinese hackers breached the database of the federal Office of Personnel Management, exposing the records of over 20 million current and former federal employees.
“Looks like both the Death Star and the federal government would benefit from better encryption software,” Patel said.
Lack of Security Controls in Systems – Most systems on the Death Star didn’t have any security controls, Patel noted. Because of that once the rebels mapped out the Death Star and its critical infrastructure, they had no trouble getting into the sensitive areas and systems so they could destroy them. “We also see this in real life,” Patel said.
For example, 76 million customer records were compromised at JP Morgan Chase in 2014 by hackers who accessed JP Morgan applications and identified known vulnerabilities in each system, including “web applications to identify entry points into the bank’s systems,” he said.
Trojan Horse – When the Death Star locked in on the Millennium Falcon, it slipped into bay 327, enabling a Trojan horse inside the ship. This malicious program allowed Luke, Han, and Obi-Wan to bypassing all physical controls and access the Death Star. Ultimately, they destroyed the Death Star and rescued Princess Leia. Patel said this scenario reminded him of the malicious Trojan Horse software that was embedded into Target’s point-of-sale system, compromising 40 million credit and debit cards in 2014.
Patel said the reason that the early Star Wars movies didn’t include the right cybersecurity controls was because they didn’t exist in reality at that time.
“But considering the cybersecurity advancements here on Earth, I was expecting that in the new movie the First Order would not only have better security controls, but also a futuristic approach to cybersecurity. While I enjoyed the movie, the lack of cybersecurity was a letdown (or, in the words of Darth Vader, ‘disturbing’),” he added.
Request a demo – learn how to protect your galaxy.