[May the 4th] How Security Awareness Training Could Have Saved the Death Star



It's May the 4th, a holiday that celebrates our love for a galaxy far, far away - Star Wars! I can't help but share some cybersecurity lessons from one of my favorite sci-fi movie series.

For example, in Rogue One: A Star Wars Story, lax security allowed the theft of a single data file that would cripple the Galactic Empire by leading to the destruction of the Death Star. A more advanced security protocol, including a comprehensive employee security awareness program, could likely have prevented this breach from occurring in the first place.

Let's dive in...

Galen: Insider Threat From a Privileged User

  1. He was definitely a disgruntled employee and designed a hidden, fatal exhaust port flaw into the Death Star plans
  2. He influenced Bodhi and convinced him to deliver data on the exhaust port
    1. Employees loyal to The Empire were likely not trained to recognize signs
    2. Trained employees would know that if you see something, say something!

Scarif Overall Planet Security: Weak

  1. People could enter/exit the planet without regulation by the deflector shield
  2. Relied on clearance codes to control incoming and outgoing ships
    1. The clearance code used for the stolen cargo shuttle was still active
  3. Allowed the Rogue One crew to land at the Citadel Tower on Scarif without additional security protocols
  4. The deflector shield was left open unless an emergency happened
  5. X-wings were able to fly into Scarif before the shield closed
    1. Clearance codes should have been more closely monitored and deactivated
    2. A lack of awareness of physical security threats is like leaving your front door open with a lazy security guard

Citadel Tower Security: Even Worse

  1. Virtually no ID scan or check once you land at the facility
  2. The Rogue One crew overpowers security officers and steals their clothes; no one notices!
    1. This is security 101 - you should always employ multiple levels of authorized access and train employees to be more vigilant
  3. K2SO hacks into a random robot and gets the entire facility map
    1. A lesson in restricting employee access
  4. Death Star plans are on one physical file and it's easily accessible
    1. You should NEVER store all your most sensitive data in one place
    2. Was this data even encrypted?

Long story short: A single security breach can have devastating consequences on an organization, whether it's a company or a murderous Galactic Empire. 

Don't let a series of events, many of which could have been prevented with a strong security culture, bring your organization to its knees. New-school security awareness training, on the large scale and small, is everyone's responsibility to keep top of mind.


The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and social engineering you can now deploy the best-in-class simulated phishing platform combined with the world's largest library of security awareness training content; including 1000+ interactive modules, videos, games, posters and newsletters.

You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.

The ModStore Preview includes:

  • Interactive training modules
  • Videos
  • Trivia Games
  • Posters and Artwork
  • Newsletters and more!

Start Your Preview

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/training-preview


