Have you seen Rogue One (the new Star Wars movie)? No? OK, stop reading right here.
No seriously, stop reading and go see the movie. Then come back and read this article.
If you’ve seen it, did you think about data loss? I sure did. In fact, I believe Rogue One is the single greatest data loss adventure film / cautionary tale ever made. It’s got the best special effects, for sure.
The plot is literally a classic data loss prevention (DLP) “use case”:
- unauthorized users (Jyn Erso and Cassian Andor!)
- penetrate network security perimeter (planetary forcefield!)
- by masquerading as authorized traffic (on a Zeta-class cargo shuttle!)
- to gain access to a massive data storage array (you know, the big SAN at the heavily-guarded Citadel Tower base)
- and grab sensitive data (see: technical readout on Death Star exhaust port / access to reactor core!)
- using pilfered credentials (the dead Empire guy’s hand!)
- to exfiltrate data to the Internet (the Rebels!)
- causing great harm (exploding Death Star!) to the data owner (the Empire!)
But wait… there’s more!
- The Empire was thorough, locating the data tape in a six-story data vault behind a large door, cut off (air-gapped) from the LAN, and accessible only with biometric (right handprint) scanner authentication — not a bad “defense in depth” model
- The Empire had some rudimentary content filtering / traffic monitoring rules in place to detect the incident – but they couldn’t stop the data loss itself (I blame that on a breakdown of people and process, not technology)
- The Empire’s risk management team can’t be criticized too harshly — who could have foreseen (or prepared for) not one but two (2!) star destroyers getting pushed/crashed headlong into the shield gate above Scarif, disabling the planetary forcefield? Unthinkable stuff.
One final thought: we’ve all experienced security incidents, some severe. In the midst of trying to contain the crisis, we must ask whether the “fix” is going to cause more damage than the problem itself.
Take for example an enterprise network that has been targeted in a malware attack campaign. Hundreds of hosts have been infected, bots are communicating with command-and-control servers in Ukraine, sensitive data is being exfiltrated, and the organization’s health, well-being, and reputation are on the line. It’s tempting to “pull the plug”, to shut down the network, or to block Internet access. You might want to immediately fire the vendor, your CISO, and your network manager. You’ve considered quitting — before they fire you. Things are grim.
But at least you’re not Grand Moff Tarkin, who decides to fire the Death Star’s superlaser at the military facility on Scarif, killing everyone on the planet including Orson Krennic, and thousands of his own Imperial soldiers. On the hope that it might stop the data loss from occurring. Which it doesn’t.
How’s that for an overreaction?
Don’t be a Moff Tarkin. Get your data breach and incident response plans in place today, and sleep better tonight!
Sean Steele is Co-Founder, Managing Partner, Technology & Professional Services at Infolock.