Compliance Lessons From Star Wars – Hacked

With the pending release of Episode VIII – The Last Jedi, I’m joining Tom Fox in tying compliance and the Star Wars franchise together. Starting at the beginning with Star Wars, or what is now Episode IV – A New Hope, the climax is the destruction of the Death Star.

One of the complaints about the movie is the plot hole allowing “the ultimate power in the universe” to be destroyed by a group of small fighters. As we learned in Star Wars – Rogue One, the Death Star was hacked. The developer left a back door: a small, two-meter-wide thermal exhaust port which would lead straight to the station’s main reactor. The developer leaked the plans to rebels who launched their attack.

Clearly, the Securities and Exchange Commission is very focused on cybersecurity, particularly since the SEC’s EDGAR database was hacked last year. In speeches, actions and warnings about exam priorities, the SEC puts cybersecurity at or near the top of the list.

The focus on cybersecurity is not just on taking the steps to harden your systems to prevent the hack, but also on creating a response plan in case you discover you are being hacked or have been hacked. Clearly, a flaw in the defense of the Death Star was not sending out enough imperial fighters to counter the rebel attack. The defense plan never expected an attack by small ships.

The death of Grand Moff Tarkin came from not taking the threat seriously.

OFFICER
We’ve analyzed their attack, sir,
and there is a danger. Should I have
your ship standing by?

TARKIN
Evacuate? In our moment of triumph?
I think you overestimate their
chances!

Tarkin underestimated the chances and disappeared from the Star Wars movies until last year’s Rogue One prequel to Episode IV. Never underestimate a cyber-attack on your firm.

As many cybersecurity experts have told me, it’s not “if” you will be subject to an attack, it’s “when” you will be subject to a cyber-attack. Don’t suffer the imperial oversight failure of Tarkin. Be vigilant for weakness.

May the Force be with you.

Although Tom decided to ignore Episodes I-III in his posts, I will advocate for using the “machete order” for viewing the movies: IV, V, II, III, VI.

The key problem is that Mr. Lucas changed the end of VI so that Anakin is now played by Hayden Christensen. You will have no idea who that person is if you have not seen II or III. Plus II and III fill in the backstory of Anakin. You will note that Episode I, the worst of the movies, is left out. That removes Jar-Jar almost completely, removes midi-chlorians, and removes trade disputes. In return, you get a bigger universe, a better understanding of the threat posed by the emperor, and the redemption of Anakin.