Learn from the Death Star’s security lapses

2017-12-07T14:00:09+00:00 March 30th, 2017|Azure, Cloud|

Make no mistake, the only reason the Galactic Empire was defeated by the Rebel Alliance is because of their own arrogance and inadequacies to patch a serious flaw in the Death Star’s system. The Death Star was the most powerful and complex weapon system created at the time, with the ability to destroy an entire planet.

Against all odds though, the Alliance dared to believe they could overwhelmingly overturn the fight in their favour by analysing the Death Star’s essential components. The Galactic Empire spent so much money on their own systems attack, they neglected their defences which ultimately proved fatal. Being the most powerful organisation in the galaxy, they didn’t believe anyone would dare challenge them, they never simulated an attack or put it through rigorous testing, they assumed that what was already in place would be fine.

All it took was for the Alliance to find one major flaw in their defences, which would allow them to infiltrate their system and send the Death Star up in smoke. The leak of the defences can happen to any organisation through a misplaced USB stick, leaving a device unlocked, sending sensitive information to the wrong email contact or even through unsecure software. Azure Information Protection can help to prevent this by flagging and preventing certain information from being sent to non-approved contacts. Regularly patching software to keep it running on the latest versions is imperative to ensuring its security.

Organisations should be constantly wary of attacks; they should always assume they’re being attacked and someone is trying to break through their systems defences. The Galactic Empire reacted late to their under-fire Death Star, deciding to deploy their own remote TIE fighters too late – having earlier and constant prevention methods could have helped keep the Alliance’s X-wings at bay. The Death Star was guilty of the all too familiar reactive defence security rather than being proactive, so when the ‘worm’ hit their system, the opportunity for prevention was long gone. No organisation, no matter if they handle sensitive information or not, can afford to adopt this protocol as it’s destined for failure.

Said ‘worm’ came in the form of a missile from the attacking X-wing’s, who were kept at bay by general defences but in the end, the Death Star couldn’t keep them out forever, especially when they attacked the vulnerable hole in the system. As General Dodonna highlighted, “The Empire doesn’t consider a small one-man fighter to be any threat,” which emphasises the fact that organisations need to consider every type of threat – no matter the size or scale. They failed to patch a key component, which left the door open to their counterparts. At the end of the day, an organisation’s security is only as strong as its weakest link.

The lessons to be learned from their defeat, albeit even though they were the enemy, is that if you lapse and choose to ignore security then you will eventually be breached – whether you’re aware of it or not. Organisations must audit their own defences to understand if they can stand up to an attack. The Death Star needed an external party to thoroughly test them for all potential attacks and leaks, governance, identity and patching. They relied heavily on their ‘firewall’, which was a shield being propelled from the ground up. As soon as that was infiltrated, the leaks and holes were easy to exploit for their counterparts, which was the final nail in The Death Star’s coffin. So, in the words of our old companion Yoda, when it comes to ensuring your systems are protected, “Do. Or do not. There is no try.”