Date: 4th May 2021
Author: Gary Hibberd
Most people who know me know I’m a big fan of the Star Wars franchise. I remember seeing the first movie as an excited 9 year old in 1977, and as the saying goes “Forever did it consume my path”! Now, I know it’s playing into the ‘Geek’ and Science fiction stereotype, but stay with me.
There’s a reason that Star Wars is important and is particularly relevant to our Cyber and highly digitised world.
Star Wars – A Different Movie
Firstly I always say to people that Star Wars would have been a different movie if the Empire had been ISO 27001 Certified. Not convinced? Try this;
- The Plans for the Death Star(s) would have been encrypted
- Physical security risks would have been assessed long before the attack began
- The insider threats would have been risk assessed
I guess it would have made for a less enjoyable movie and a much shorter one too! But there are lessons that we can learn from Star Wars, and it’s central to what the movies are about and speaks directly to what we do; The battle between good and evil and the lure of the ‘Dark side’.
The Journey to the Darkside
Almost daily, we hear about a cybersecurity breach or data leak of some kind, where a hacker has breached security and stolen thousands and even millions of personal records. For example, in Equifax, over 147,000 million records were stolen, but this stands in the shadows when we compare it to the 11 Billion records exposed in the CAM4 breach. This leaves customers wondering what to do and who could have targeted them.
Breaches and data theft can and does cause very real harm to organisations and individuals alike. Organisations have costs to recoup, reputations to rebuild and clients to regain. In his latest book, ‘Happy Sexy Millionaire’, Steve Bartlett reveals how a cyberattack resulted in their business losing 80% of their clients. Thankfully, his story ends happily, and he tells us how he and his team worked tirelessly over the coming months to recover the reputation of ‘Social Chain’, and turn it into a business that is reportedly worth over £250 Million. Although this is a positive story, the reality should not be lost on us – It took them months to recover. Steve and Dominic (the founders) went unpaid to ensure there would be no redundancies and they relied on clients who knew them personally.
Would YOU be willing and able to go unpaid, following a breach, to protect your business?
Hackers can and do cause virtual and physical harm. But WHO are they? What do they look like? When I ask this question, people assume it’s either the work of criminal gangs or the work of some young kid in his bedroom. The fact is, there’s a good chance it’s both.
Obviously, there are exceptions to every rule but generally speaking, the profile of a hacker is the following;
- Aged between 12 and 19
- Male (mostly)
- They (often) have feelings of isolation or feelings of detachment
- Low(er) self-esteem
The more of the attributes above, the more likely the person will go from a casual, curious hacker to a full-on cyber-criminal.
It’s worth remembering that Hackers are simply people who enjoy understanding the inner workings of a ‘thing’, and taking it apart to see if they can manipulate it to do something unexpectedly. I often tell people that Heston Blumenthal, the world-renowned multi-sensory chef, is a Hacker of our culinary senses!
In truth, Hackers don’t wake up one morning and think, “Oh. Today I’ll hack into NASA, or shall I hack into [BANK NAME]”. As in the Star Wars movies, hackers evolve from naturally inquisitive exploration to being ‘seduced by the dark side of the internet. This seduction can come in many forms, but a typical journey is where a talented young boy/girl begins to brag about taking down people in games or carrying out an attack on a particular website. This then raises the interests of others who encourage the ‘youngling’ by providing them with tips and tools to improve their knowledge. Over time their skills improve, and the audacious hacking events gain them popularity and/or financial gain.
The Journey to the Dark Side is Complete
Cybercriminals start out by having more than a passing interest in computers and programming and are then lured to the dark side by those who see them as talented individuals who can be influenced (via money or status) to carry out their bidding. Just as we see the young Anakin in the Star Wars movies, being trained by Obi Wan, but ultimately being controlled by Darth Sidious, Hackers can very quickly become part of something they didn’t fully understand or expect at the outset.
Organised criminals from across the world can, and do target young talented computer ‘Geeks’ and persuade them that “no one gets hurt”, “it’d be cool” or “You can make loads of money” all in exchange for a task or two. Online Grooming isn’t always linked to some sexual activity – it’s about coercion and manipulation – almost like a Jedi mind trick!
So what does this teach us?
Thankfully, unlike young Skywalker in the movies, once our young hackers have begun down the path to the dark side, they may see the error in their ways. Hopefully, before they do too much damage or get caught by law enforcement agencies.
The journey from a young computer geek (Jedi) to a fully-fledged cybercriminal (Sith Lord) is one which many young people take and could be taking right now, sat in their bedroom at home. When people tell me that their ‘little Stephanie/Stephen are really good with computers, and spend hours playing in their rooms’, I wonder who is educating that child on how to navigate this strange new universe (and it is still new, relatively speaking).
Our advice is to engage with your children and speak to them about their activities online (in a non-confrontational way). Explain to them that you’re interested in learning about this new universe and ask them to teach you.
Don’t be afraid to ask. Don’t be afraid to talk to them…
Because as Yoda observed; Fear is the path to the dark side … fear leads to anger … anger leads to hate … hate leads to suffering.
Cyberfort Deep Dives
Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >