Anne-Marie Eklund Löwinder: How do we prevent human error?
Read IT security expert Anne-Marie Eklund Löwinder's tips on how to prevent the most common cause of data leaks: human error.
There is no shortage of cybersecurity scenes in movies and TV shows. How realistic they are can vary a lot. We have seen countless flashing pop-up windows in NCIS and scenarios where they make a hacker do their job under insane circumstances in Swordfish.
But even the worst Hollywood cybersecurity scenes can teach us something! Storytelling is one of the easiest ways to educate, so feel free to share this article with your colleagues and let your favorite movies raise cybersecurity awareness in your organization. Here are 3 times Hollywood got cybersecurity wrong, and 3 times they actually knew what they were talking about.
Lights...
Camera...
Action!
Look, we are all aware that the James Bond movies are not the most realistic flicks on the market. Daniel Craig’s run as the British super spy has, however, been praised for being more real than its predecessors. This scene makes us question that statement.
Here we see Q trying to hack into Silva’s computer. Right off the bat, he seems to think that it’s a good idea to plug an unknown device into the MI6 network. Spoiler alert: It’s a huge security risk that leaves all your data, information, and systems vulnerable to whatever might be on that computer.
As if this blunder wasn’t enough, the next part is honestly confusing to watch. Bond recognizes a word in the encrypted data, uses this as a key, and the rest of the data gets instantly decrypted too. We feel like we need to stress this: This is not how encryption works.
Humans can’t decode encrypted data with the naked eye. If you could, it would not be a very safe method to use for classified information.
Don’t mess around with unknown devices in general, but we feel like this is something we don’t have to tell the majority of you.
The bigger lesson is that encryption is a secure way of protecting your data. It is of course possible to hack into encrypted information, but it is extremely difficult and requires huge technical knowledge, advanced software and lots of time.
Therefore: Protect your data using encryption! This is a requirement by the GDPR when sending sensitive personal data digitally. But encryption can also protect your organization's most valuable information from unwanted eyes.
Find out more about email encryption here.
For anyone who might not be familiar, Numb3rs was an American crime show that ran for six seasons. In this particular scene, the team is ‘listening in’ on a chat between two hackers.
The problem is… they only speak in 1337. How will the team ever know what is said? Luckily one person can act as a translator.
Please excuse our audible sigh. If you don’t know, 1337, or leetspeak, is basically modified spelling and is primarily used on the internet. Not to mention by gamers.
It is factually correct that leetspeak was made popular by hackers in the ’80s, and if the show was set then, it might have been more realistic that only hackers would be able to read it. But in 2009, in the middle of online games like Counter Strike gaining huge popularity? Yeah, we doubt it.
Let’s do a test! If you can read the below, then you don’t have an issue reading leetspeak:
c4n y0u 234d 7h15? 7h3n y0u c4n 234d 13375p34k.
Let’s not even get into the convoluted explanation of a “pretty primitive” chat program.
Cybersecurity isn’t some kind of ultra-complex thing that only IT-people understand. It is absolutely possible for everyone within an organization to understand security procedures. All it takes is awareness and proper education.
It is important to know that cybersecurity is not only firewalls, encryption and hackers. It’s also password management, email etiquette and awareness of risks, which starts and ends with the user.
Don’t get us wrong, we love Sherlock as much as the next person. And we are willing to overlook this plot point for the sake of entertainment, but that doesn’t make it more realistic.
In this scene, Sherlock has been sent Irene Adler’s phone for safekeeping, as it contains very important information. If it leaks, it is a matter of life and death for Irene. When trying to open it, the phone displays “I AM _ _ _ _ LOCKED”. By picking up on physical cues from Irene, Sherlock is able to figure out that the password is SHER LOCKED.
The biggest issue with this scene is that Irene Adler is supposed to be very intelligent, but still she:
While Sherlock’s reveal was entertaining, it is highly unlikely that important information like this would be guarded with such a weak password.
Instantly guessing a password is also a trope that has been used to death. Unless you are using something like '1234' or your own last name, a password can't be cracked in two tries.
While this is a very unlikely scenario to go down for something so important, it still teaches us to remember proper password management. Even though the data you possess might not be a matter of life and death, like it was for Irene, it can still be very valuable.
The most secure way of keeping your logins safe is by creating passwords using a generator and then storing them in a password manager. Don’t ever write anything down… Actually, let’s not get ahead of ourselves, we are coming back to this point.
In this scene, Rihanna plays a hacker who is trying to access the cameras in a museum. To do this, she needs access to the Head of Visual Matrix Design’s computer. She figures out who holds this position and looks him up on Facebook, where she learns that he is very passionate about a certain dog breed.
Based on this, she tailors an email to him with a link that lets her take over his computer if clicked. And of course, he swims right into her metaphorical net, giving her access to everything in his computer.
Watch out for phishing, or spear phishing in this specific case.
This is one of the fastest growing threats within cybersecurity, and criminals are doing just what Rihanna did in this scene: Targeting a specific person, with the right kind of position in a company. What they are after varies from data to money and everything in between.
Therefore, you should always be suspicious of any strange emails you get and not click any odd links. Check out this article to learn how to spot a phishing email.
Okay, so this one is a little outdated, but it still holds true. Classics are classics for a reason, right?
In this scene, a young man is hacking into his school's computer to change his and his friend’s grades. He does this by calling into the computer, something modern hackers would definitely not need to do any more, and then entering a password.
He says: “They change the password every couple of weeks, but I know where they write it down.”
Do you remember when we said not to get ahead of ourselves? Here it comes!
War Games has been praised for having one of the most realistic scenes portraying hacking. People do write down their passwords, which is a huge security risk. Think about how many people move around an office all day – co-workers, cleaners, clients, candidates.
There are countless opportunities for written-down passwords to end up in the wrong hands. In this scene it only affects some grades, but imagine what it could do to a company or an organization…
We know, calm down, the hacking scenes aren’t the most realistic parts of Jurassic Park, which is a movie starring cloned dinosaurs. BUT they do have some truth to them.
In this scene, Nedry has shut down the system to be able to leave the island with some stolen vials that he is going to sell. The way he does this is… let’s just skip the actual execution, shall we? It isn’t very helpful or accurate after all.
The important takeaway from this is that threats like these don’t always come from the outside.
Be aware of insider attacks, sure, but the biggest issue to be aware of when it comes to threats from within an organization is human error.
This particular scenario was very much calculated from Nedry’s side, but data breaches happen by mistake in 82% of all cases. They can occur because someone inside the company wasn’t aware of the safety procedures, didn’t have enough education or was perhaps too stressed to follow the proper steps.
That is why cybersecurity should be people-centric and have the end user in mind. With the right training and tools, end users have the potential to go from an organization's biggest security risk to its strongest asset.
We just learned about risks that we all can be more aware of, regardless of whether we work in IT, administration, HR, or any other profession. The next step is to implement the right kind of technology.
Smartlockr offers you people-centric email security that lets you focus on your job, while we take care of protecting your data.