Checklist 238: The Annual Summer Blockbuster Special
It’s a Checklist summer tradition: the annual airing of our “Summer Security Blockbusters” episode! Originally released as Checklist 144, Summer Security Blockbusters takes you to the movies for a look at cybersecurity lessons from three of our favorite Hollywood hits.
It’s always a fun show to listen to, but this vintage Checklist is also highly relevant in 2021.
Segment One discusses the sci-fi classic Star Trek II: The Wrath of Khan. There are a number of big security takeaways in the movie, but by far the biggest is password security. Longtime listeners of The Checklist know that password security is one of our favorite topics, but with the emergence of new strains of IoT malware and the growing threat to critical infrastructure over the past year, changing that factory default password is now more essential than ever!
I find your lack of an IR plan … disturbing.
Segment Two goes into Star Wars IV: A New Hope. The first installment of George Lucas’ celebrated space opera, A New Hope also contains some important cybersecurity lessons. Among them: If your giant, well-protected network (or Death Star, as the case may be) has great outer defenses, but no way of containing a breach, then you’re setting yourself up for trouble. Not too long ago, the folks at Twitter provided a textbook example of how a strong “Plan B” can quickly contain a potentially disastrous hack. Smart companies (and Dark Lords of the Sith) would be wise to take note!
If you can’t beat their defenses …
Segment Three takes us back to Independence Day, the archetype of the modern summer blockbuster. And here we’ll put in a big spoiler alert for anyone who hasn’t seen the movie…
Will Smith and Jeff Goldblum help take out a fleet of alien spaceships using a computer virus. It’s a dramatic example of how highly sophisticated technology can be laid low by just a few lines of malicious code. But that’s no longer only the stuff of big-budget action movies, as May’s Colonial Pipeline hack so amply demonstrated. Independence Day also showed us how even the most advanced computer systems are still vulnerable to malware — especially when that malware is delivered via a trusted source. Here too, life imitated art over the past year as Fortune 500 companies, software firms, and even the US military fell victim to the SolarWinds and the Kaseya ransomware supply chain attacks.
To read a full write-up of the episode, click here — or simply use the player below to listen to the show!
The Checklist will return next week with a new episode. If you have a topic you’d like to see covered on a future show, or a security question that you’d like to have answered on the podcast, write to us and let us know!