Photo Credit: FrogMiller via Compfight cc
A long time ago, in a galaxy far, far away….
“Imperial computer systems have been breached. Initial investigations indicate that data relating to the construction of the Imperial battle station Death Star has been copied and exfiltrated by Rebel spies. We have mobilised our counter-espionage and security teams. Due to the serious nature of this breach, the Emperor will be sending his own representative to manage the breach remediation and the subsequent data recovery operation.
“Ongoing investigation has revealed that the copies of the Death Star plans have been forwarded to the Alderaan consular spaceship Tantive IV, registration code to follow. A data recovery team, led by the Imperial representative, has been dispatched to recover the copied plan. The use of maximum force has been authorised.
“Data recovery efforts continue. It appears the copied plans have been transferred to a privately owned Astromech droid serial number R2D2. Orders have been issued for all Imperial units to investigate any R2 unit found on Tatooine and surrounding star systems.
“All units. Starship Millennium Falcon, registration code YT 492727ZED, last seen leaving the Tatooine system is thought to be carrying the droid and plans. Destroy on sight.”
[Excerpts from database of CISO, Death Star, recovered on Coruscant, 0 BBY]
These words aren’t in the Star Wars script, but they could be. I’m always surprised when I sit down and watch the original Star Wars movie, for at its heart, there is a powerful information security message. Star Wars is all about data, as the film tells the story of a breached organisation (the Empire), its attempts to recover copied, stolen data and stop that data being used against it.
So, what can we learn from Star Wars? First, know the data you have and classify it to reflect its importance to your company. The Empire actually knew what was copied and its importance: a good case there of data classification. Second, collect data to help you understand what has happened, what has been stolen and who did it. Logs are invaluable for this, as is the expertise to understand them. You probably won’t have Darth Vader to help you, or the Force for that matter, so use what you can – and what is in your power to collect and analyse. Third, lock down your systems to stop the easy attacks and control access. You don’t want the hacker equivalent of R2D2 searching and controlling your systems so easily – as R2D2 did when on-board the Death Star. Fourth, have a plan to mitigate the effects of the breach: you won’t have an empire’s resources at your disposal, so it will be essential to focus what resources you have on the things that matter.
Finally, the movies also highlight the futility of trying to recapture your data – for all its resources (and the physical violence it could use) the Empire couldn’t get it back – remember, once it’s gone, it’s gone!