A long time ago, in a galaxy far, far away…
The Galactic Empire had some serious security flaws. The Rebel Alliance went to great lengths to exploit those flaws. Don’t be the Empire; learn from the Empire’s mistakes. (Not because they are bad, but because they had poor security.)
Episode VI: No Hope for the Empire’s Security
The plans for the ultimate weapon, the Death Star, have been stolen by the Alliance. Princess Leia sends these plans away with R2D2 to the surface of Tattooine on an escape pod. Two Imperial soldiers notice an escape pod ejecting and scan it for life forms, and finding none, do nothing to stop it.
Now, what does this tell us about the Empire’s security? First it tells us that they had a weakness in their security that the Alliance was able to penetrate. Second it shows us that although the Imperial soldiers noticed something suspicious, they took no immediate action to correct it. If you see something suspicious, REPORT IT IMMEDIATELY.
After receiving Leia’s plea for help via R2D2, Obi Wan Kenobi, Luke, Han, and Chewy journey to Alderaan. Unfortunately the Death Star destroys Alderaan before they can get there and the Millennium Falcon is pulled aboard right after they leave hyperspace. Aboard the Death Star, Han and Luke disguise themselves as Stormtroopers pretending to take Chewy to the detention block in order to free Princess Leia. This plan works until they get to the detention block command room where they are questioned by the guard (finally doing something right) and then a shootout occurs.
Han and Luke are using social engineering tactics to move around the Death Star relatively easily. This could happen in the real world if someone dressed up like a delivery man or even someone that works for your company. The guards in the detention bay did the correct thing when they asked for authorization. ASKING QUESTIONS IS GOOD!
While trying to escape from the detention block, Han, Luke and Leia find themselves in a tight spot (ba-dum-tish) when they go down a garbage shoot and the compactor turns on. Luckily for them (unlucky for the Empire), they brought along their own little expert hacker R2D2. All this little droid has to do is find a port, plug in, and then he has full access to just about everything. Did I mention that these ports are everywhere?
No wonder the Empire’s Death Star plans were stolen. And, it is just as easy in the real world. If you don’t lock up your space station workstation, someone could just come right in and steal sensitive information. Also, never plug any unknown devices into your computer. IT’S A TRAP. They could have infectious malware waiting to install the moment you plug it in.
The princess is rescued, the hero’s have escaped (minus one disappeared Obi Wan), and the stolen plans are secured. Spoiler Alert! (Oh come on, this movie came out decades ago!) The Alliance uses these stolen plans to find the Death Star’s one weakness, a thermal exhaust port. All it took to destroy the Death Star was one hit to this port.
This exhaust port can be an analogy for your company’s security. Even a tiny, itsy-bitsy, microscopic weakness can be exploited for catastrophic results. So, don’t be like the Galactic Empire. Report suspicious activity, ask if you are unsure, lock up your workstations, and protect your ports.
Sorry Darth Vader, the Security Force is just not with you.
Latest posts by The Security Awareness Company (see all)
- The Summer of Security - June 13, 2017
- How can YOU Help Build our 2017 & 2018 Development Roadmaps? - June 1, 2017
- Giveaways for #CyberAware Month 2016 – Enter to Win! [RAFFLE] - October 3, 2016