As I sat through the premiere of “Rogue One: A Star Wars Story” this past weekend, I couldn’t help but relate it back to a familiar tale that consistently comes up in IT security. The similarities were striking as I watched the story unfold. (Warning: spoiler ahead.)
The story opens, as it always does, in a galaxy far, far away. We learn that the plans for the Death Star reveal hidden vulnerabilities in its design that the Rebel Alliance may be able to exploit. To succeed, however, the Rebels would need to steal the plans and would use tactics like social engineering as a way to locate and exploit the weakest link in the Imperial defense. Turns out this weak link took the form of a security breach from a user. Starting to sound familiar?
Once inside, the Rebels set up diversions for the Imperial forces, so they could try to locate the plans in the Imperial data storage. They were in luck. Because the data wasn’t encrypted, they could easily identify the plain text files in which they’d find not only the plans, but also the crown jewel: the vulnerability that could destroy the Death Star.
As part of their strategy, the Rebels sought the assistance of two malicious insiders, a pilot and K-2SO, an Imperial security droid that had been reprogrammed and was now loyal to the Alliance. Once the Rebels got the data, they faced another major hurdle: exfiltration. In order to get the files out, they needed to take down the Imperial shield. They threw everything they had at it, bringing the shield to its knees like a massive DDoS attack. Success.
There’s been a lot of debate over the moral of “Rogue One: A Star Wars Story.” Redemption, sacrifice, and looking outside oneself for purpose are a few. The film has even sparked some controversy as filmmakers and political extremists argued whether or not the story had political undertones. (Obviously.) But from my standpoint, the moral we can all take away from “Rogue One” is as follows: Don’t become the weakest link in your network by falling victim to social engineering or bypassing security controls, and do invest in sandbox technology that will prevent infected files from being downloaded; do protect your data with robust encryption and the use of data loss prevention; and always be sure to use the Force.
Read how Zscaler Cloud Sandbox blocks malware and prevents C&C calls
Read how Zscaler Data Loss Prevention prevents data exfiltration