Three things popular culture can teach us about cybersecurity
on 20 May, 2020
Maybe someday, Hollywood will understand cybersecurity.
I'm not holding my breath, though. Outside of a few rare properties and occasions, the majority of popular culture inevitably resorts to a set of sensationalized, borderline absurd ideas about information technology.
Flashy hackers in dimly-lit rooms, desperate, real-time attempts to prevent intrusion, cataclysmically-sophisticated malware...the list goes on and on.Yet in spite of the misinformation and sensationalism, there are still plenty of insights to be gained from pop culture if you know where to look. It might not offer anything revolutionary or groundbreaking, mind you. But at the same time, there's some wisdom to be found.
Hacked connected devices are a very real threat
At one point in the movie Fate of the Furious, hacker and villain Cipher turns an entire fleet of self-driving cars into her own personal army. On paper, the scene is patently absurd, not in the least because of the strong security and high level of care that goes into automotive software. Even so, there's still a grain of truth to be found here.
As we bring more and more critical infrastructure online, the risk that someone may cause critical damage grows ever larger. To some extent, this has already happened on multiple occasions, most recently with the U.S. power grid, as reported by Wired magazine. And on the topic of zombie devices, the Internet of Things (IoT) allows the creation of botnets of unprecedented scope and scale.
We need enforceable security standards for Internet-connected devices. Our businesses, meanwhile, need to avoid using IoT endpoints manufactured by companies with poor security hygiene, while also isolating connected devices from critical networks.
Smaller attacks are often a smokescreen
It's a common tactic in war dramas. A red herring attack that directs the opponent's attention elsewhere, only for the perpetrator to strike them while they're distracted. This is also a common tactic of cybercriminals. They'll frequently use something like a distributed denial of service (DDOS) attack to mask their intrusion and draw attention away from what they're actually doing.
The lesson here, then, is to always remain vigilant. If you notice that your organization is being targeted by a seemingly-random attack, there may be more there than meets the eye.
Sophistication isn't necessary for an attack to do damage
When popular culture engages with the idea of a cyberattack, it usually borders on ridiculous. A genius hacker brute-forcing his way through an entire security system. State-sponsored black hats cracking even the most advanced protections with ease. Systems being compromised top-to-bottom in a matter of seconds.
The reality is that these kinds of attacks are rare. Criminals will almost inevitably seek the path of least resistance. There's a reason email is still an incredibly common delivery mechanism for malware and ransomware, and a reason that social engineering is still such a popular attack method.
Move past popular knowledge
Pop culture may have something of a tenuous relationship with reality where cybersecurity is concerned, but it does occasionally get things right. Learn to laugh at the absurdities, sure. But pay attention to the wisdom beneath.
You might be surprised at what you might learn.
Tim Mullahy manages the operations of Liberty Center One and One Cloud Services, a leading regional provider of IT Solutions focused on the needs of enterprises looking for high availability infrastructure and services. Tim has a demonstrated history of success in the information technology and services industry.