Three life lessons on security from our favorite superhero movies

Last updated: 14 November 2019

Neatly following on to our thought exercise in helping the Galactic Empire do better with cyber security and authentication, we’ve considered some of the life-lessons that could be learned from the silver screen exploits of our favorite comic book characters. Spoilers may follow, so if you’re saving yourself for the Dark Knight Rises, or any of the Iron Man or X-Men films, consider yourself warned…

Your C-Suite is a key point of vulnerability, protect it: In The Dark Knight Rises, Miranda Tate wooed her way into Bruce Wayne’s heart and onto the board of Wayne Enterprises…only years later to reveal her true identity as the daughter of Batman’s nemesis – and attempted to destroy Gotham City. Now I’m not saying that we should be suspicious of our C-Suite executives but we do need to consider the control, influence and access they have to key systems. As I explained last month, they are arguably a business’ most valuable and vulnerable asset, particularly when on the move, and it’s not unusual for a senior executive to leave a corporation to work for a rival (if it is slightly less common for them to try to destroy the corporation’s home city).

An executive assistant is a privileged user – Pepper Potts has the login credentials, diary and email access and personal details to completely run and manage Iron Man’s life, not just Tony Stark’s. Executive assistants like Pepper are among those chosen few in a company with the keys to gain access to the most confidential and sensitive information, via their work for the C-Suite. They need to be considered alongside CXOs in evaluating security risks and security investments. Of course, Pepper was promoted to CEO after the first film, therefore proving the rule!

Your ‘super users’ may not be senior staff: Mystique shows us how easy it is to shape shift into a member of support staff (or more prosaically: to run ‘social engineering’ scams to gain super-user access). Consider the number of transient, contract or low-level support staff who have high levels of access into your facilities and systems. How do you know they are who they say they are?

Protecting your business against potential human weak spots doesn’t need to be a complicated affair. The key three things to consider are access control, ID protection and email data encryption.

Ensure that all devices are encrypted so that even if a laptop is lost or stolen, you can be sure that only authorized personnel can access or understand the information stored on it.

  1. Invest in security measures training for your C-level execs and the people who work most closely with them so they understand the risks of using unencrypted emails to send confidential information, or of not having a digital signature to sign or approve contracts or documents. Make sure they know the importance of picking a proliThe Dark Knight Rises Taliafic and highly-personal password.
  2. Extend these investments and training to executive assistant as their C-suite bosses rely on them to provide relevant information in a secure yet convenient fashion.
  3. Equip all levels of staff with digital ID cards to control their access to certain areas (such as server rooms) or even devices themselves.

Any other lessons we can take from the heroes and villains of the comic-book movie multiverse? Let us know in the comments.

 

Leave a Reply

Your email address will not be published. Required fields are marked *