The Dark Side sways hackers more than ever, but it doesn’t mean you can’t tap into your Force abilities to put a stop to their attacks. According to Wookieepedia, the Jedi mind trick is the ability to use the Force to influence the thoughts of the affected to your advantage. Remember in Star Wars Episode IV when Obi-Wan instructed the Stormtroopers to let them go? This is the Jedi mind trick!
Some organizations and cybersecurity Jedi can take years to master these behaviors. Hackers use mind tricks every day to dupe employees into clicking malicious links and obtain unauthorized access to your network. But, if you use your Force abilities, a Jedi mind trick in information security can prevent an onslaught of hacking attempts.
Understand How Your Hackers Think
The first lesson in information security mind tricks is to know how your hackers think. To do this, you must tap into the Dark Side of hacking. You must understand the drivers and motivations of your hackers. When Luke Skywalker asks Rey in The Last Jedi what she sees, she answers, “Light. Darkness. A balance.” Beating your hackers is all
You might be asking “Why do hackers hack?” Their motivation usually lies in the following:
- Financial Gain
- Political Prowess
Cyber attacks do not occur by way of a hacker destroying your fleet remotely. Instead, hackers know how to obtain access under the guise of stealth tactics. To beat a hacker, you need to think like one and ask the right questions. Here are questions you might want to consider:
- What’s our weakest defense point in our network, applications, etc.?
- What gaps do we need to work on closing before a hacker exploits them?
- What’s our strategy or framework for cybersecurity? (Govern, Identify, Detect, Protect, Respond)
- How do we implement a Security in Depth or layered approach to security?
Your team of Jedi security specialists needs to learn how these hackers use the cyber kill chain, the phases of a cyber attack. Hackers use it to infiltrate your network and gain access to sensitive data.
Ultimately, you must ensure your team is focused on continuous security improvement as well. Your team should be curious about reducing the attack surface for the organization at all times. A hacker only needs to succeed once, while your team must succeed every time.
Find the Hackers’ Weakness(es) & How They Find Yours
Hackers thrive on finding weak spots in your organization and employees, the network, or your physical security. Therefore, much like Supreme Leader Snoke, you must be able to see a hacker’s weakness to control them.
You will need to engage in the methods of “ethical hacking” to understand how they can beat your defenses. As a team of security Jedi, you should regularly run security exercises to challenge your defenses and identify vulnerabilities in the network. You can also bet on hackers using phishing to dupe your employees and thereby penetrate your network. Phishing scams are the number one delivery method for malware and ransomware. This leads us to our last information security mind trick.
Simplify Your Security Message to Employees
Hackers use social engineering schemes to mind trick your employees into providing unauthorized access to your network and data. Employees need simplified training in cybersecurity best practices without a lot of technical jargon. Train your employees to become Jedi apprentices in your pursuit of security defense.
Employee security awareness will be your strongest defense against a myriad of cyber attacks. Repetition is key in training your team of security apprentices. You may consider a regular newsletter to communicate best practices, include what actual phishing emails look like, or share information security articles that will resonate with your employees (e.g. the impact of clicking a phishing link in an email). You may also want to use phishing and security simulation training on a regular basis. During your onboarding process, you should also introduce your new employees to the security policies and procedures for the organization. The most important areas to cover would include:
- Essentials of password management
- Examples of phishing schemes
- How to properly back up their data
- How to correctly send personal and confidential information
- Account limits, access, and authentication for their device
- Overall security policies and best practices
User awareness and training will solidify a culture of cybersecurity within your organization. Employees will become less of a concern when it comes to mitigating cyber threats if they are empowered with knowledge.