“Vigilance” is a word often thrown around when it comes to maintaining good cybersecurity hygiene.
Want to protect your accounts? Be vigilant and maintain a complex, rotating password. Wary of viruses? Remain vigilant and update your antivirus definitions regularly. Need to protect your organizational systems and data from possible data loss, leaks, etc.? Stay vigilant and keep an eye on user activity.
We’re vigilant when it comes to the topic of insider threats. Whenever a new insider threat incident, data leak story, or piece of related research hits the newswire, we’re on it. We basically eat, drink, and breathe everything insider threat management.
This may explain our (some might say obsessive) tendency to see insider threats in everything, like the TV shows Mr. Robot, and Game of Thrones, and the subject of this post, the 1982 cult-classic film: Tron.
Tron’s Relationship to Insider Threat Management
Tron has the unique fame of being the first film to focus on the internal world of computers, but it may also be the first great example of a cybersecurity related insider threat incident. For those of you unfamiliar with the film, here is a little background:
(PLOT SPOILER WARNING)
Tron revolves around a computer programmer who uses his privileged access to pursue revenge on a former employer. He gets caught by an artificial intelligence-based cybersecurity application, which goes off-the-rails and pulls him into the world of the computer against his will. There, he is aided by a computer program who “Fights for the Users” by the name of…Tron!
The rest of the movie is pretty standard escape tale infused with software terminology nods, too-tight spandex suits, and striking neon colored special effects, but let’s reflect for a moment.
Top 3 Insider Threat Indicators in Tron
- We have a high-risk insider threat in a former employee
- He had privileged access to systems and data as a programmer
- There was clearly motivation to be malicious (which indicates something big happened)
It all seems so obvious in hindsight, but as we’ve written about before, most organizations don’t consider the potential for an insider threat until one has occurred. But the relationship between the movie Tron and insider threats goes even deeper than this…
Additional Insider Threat Indicators
For starters, the former employee computer programmer insider threat in question (Kevin Flynn, played by actor Jeff Bridges) states that his motive is based around his boss having potentially plagiarized his work.
This indicates that visibility into data interactions and movement may not be well established, especially on an individual insider (user-based) level.
Flynn’s character was aided by additional insider threats within the company. They were frustrated by the addition of a hyper-strict cybersecurity application ruleset that was preventing them from doing their work.
This indicates that there was a general lack of balance in regard to cybersecurity policies and established rules within the cybersecurity application. In addition, there was a lack of visibility into the activity of these insiders, otherwise they would have been caught aiding Flynn in his efforts.
Data Loss and Insider Threat Lessons Learned
So, at a high-level what can we learn from the movie Tron, in terms of insider threat management? (Besides the fact that the 1980’s were a very strange, fun place.)
Well, for starters, visibility into user activity is essential to stopping a potential insider threat in its tracks. With it, the team responsible with cybersecurity (or at that point in time, just security) may have been able to keep a closer eye on the insiders posing a greater risk.
They would have also benefited from knowing:
- Disgruntled former employees are a risk
- Employees that have to deal with barriers to their work are a risk
- It isn’t easy to determine user intent or assign trust without evidence
- Investigating potential insider threats requires proof (and had it available)
- Cybersecurity programs need buy-in and advocacy on all levels of an organization
Tron may have been a great insider threat movie; albeit a weird cult-hit relic from 1982; but these are valuable lessons that any modern organization could take away and better protect their systems, files, and data.
Will you up your organization’s vigilance against insider threats, a la lessons from Tron?
Does your DLP seem a little #TBT?
We’re going to Black Hat USA on 8/4 – 8/7! Stop on by Booth #1356 to see why DLP is a technology of the past and learn about our modern approach to insider threat management.
Let us know you’re going, by tweeting @ObserveIT with the hashtag #BHUSA