Don’t Succumb to the Dark Side: Security Management Lessons from Star Wars

In honor of Star Wars: The Force Awakens, we’ve taken a look back through the films (purely for research purposes of course) and uncovered some important lessons about security.

Lesson 1: “A Jedi uses the force for knowledge and defense. Never attack.”

One of Yoda’s key teachings, using force for knowledge and defense – not for attack – is core to the Jedi and indeed to the Star Wars films.

This same strategy should also be integral to an organizations’ network security posture. It is critical that IT teams know what’s happening on their network, and that this is used to improve overall network security. While many believe that organizations should fight back against cyber-crime, ultimately we believe that companies are better off using the forces they have at their disposal – security basics – to better understand and address vulnerabilities rather than wildly chase attackers. As master Yoda would say, “Feel the force!”, and use it to your advantage.

Lesson 2: “Judge me by my size, do you?”

When Luke Skywalker is tasked with raising his X-wing from the swamp, he complains that it’s too big, which annoys Yoda. Yoda makes no excuses for himself — and does not want to hear any from his students.

Likewise, organizations cannot be complacent and passive, believing that the size or complexity of their networks guarantees any sort of protection. Organizations often think that their network is too complex or their business is too small to be targeted – which is just not true. Another wise piece of knowledge Yoda delivers is how “Many of the truths that we cling to depend on our point of view.” Regardless of size and certain beliefs, all organizations must be constantly vigilant about network security – everyone is at risk.

Lesson 3: “You are unwise to lower your defenses!”

Darth Vader’s warning to Luke when he refuses to fight him also applies as a warning to organizations when it comes to cyber-security.

Organizations often unwittingly lower their defences when they make network changes, configure (misconfigure) devices, or migrate applications, thereby potentially compromising their overall security posture. The key is to have built-in, ideally automated processes for managing security policies, coupled with effective network segmentation. As we often espouse, segmenting your network – building internal defences – is key to reducing cyber criminals’ lateral movements within the network and ultimately to providing better protection for your organization.

Don’t fall for the obvious trap, like the rebel fleet while attacking the Death Star in Return of the Jedi.

Lesson 4: “Do. Or do not. There is no try.”

When it comes to network security there is also no such thing as “trying”. It’s critical that organizations fully commit themselves to the cause of IT security to avoid falling victim to a cyberattack, costly network outages, business application failures, or a failed audit.

So there you have it, four IT security lessons from the previous Star Wars movies… looking forward to finding out what the next instalment has to offer! May the Force Be With You… Always!