Created by Herbert Schhmalz
Cymbeline is, if you will excuse the pun, full of symbols that we could learn from in the Infosec arena.
Let’s begin with token exchange. When they marry in secret, Imogen, daughter of Cymbeline, and Posthumus, a courtier who has risen throught the ranks, exchange a ring and a bracelet as tokens. The tokens are symbols of their fidelity and ultimately trust.
However when Iachimo enters into a bet with the now banished Posthumus, the bracelet is stolen from Imogen and is used as proof of her infidelity. If you choose to use tokens, you must be ready and able to secure them against misuse, whether this be your RSA access token or your passwords. We have so many tokens in use in the modern world, unlike in Shakespeare’s time, that there is terrible temptation to write the passcodes down. Just see the number of passwords scrawled on sticky notes or even the number of cashpoint PINs that are set to significant birthdays. If you are to put your trust in tokens, make sure only the correct person can use them.
The other overriding aspect of Cymbeline that bears further investigation is that of identity and in fact mis-identity. From the poison that is swapped for an elixir that only mimics death, to the fact`that Imogen disguises herself as a boy and Posthumus disguises himself as a defeated Roman soldier, we are reminded of the need to know who we are dealing with.
In modern life, only naive people truly believe an African Prince is writing to them to present them with the share of a massive fortune for the small consideration of a release fee, but more subtle phishing enterprises are extremely successful every day of the week. Internal company tests of fake phishing emails to test awareness regularly hit more than then 10 percent of the staff clicking on a link when they should not do so.
In the showdown in front of the king, if Posthumus cannot even recognise his wife because she is dressed as a boy, just what chance do we have? Internal phishing tests certainly encourage us to be more aware but as the technology employed becomes more sophisticated, we have to continually repeat the message and encourage our users to raise their game. We will not all have Pisiano the servant standing over us to explain our mistake when we are tempted to execute one more mouse click on a dubious email.