It was one of the biggest blockbusters of the summer. Dwayne Johnson’s Skyscraper thriller grossed $304.1 million during the hottest summer in living memory. Honestly, it probably would have made more, but for the fact that half of the UK population was sitting in any available patch of sun with a beer in their hands. I was one of those people, although with fruity cocktails instead. That was when I wasn’t in the office writing witty blog posts on Citrix Workspace, of course. Alas, while I had every intention on going to see the film, I never got around to it. So it was my pleasure, two Saturdays before Christmas, to snuggle in my pjs and pop it on (I lead the most exciting life when I’m not in the office). Well. While it’s action-packed with an interesting futuristic spin, I couldn’t help but spend the whole movie pointing out, sadly to no one in particular (I’m going to have to get a cat), all the various cyber security blunders that Johnson’s character made. Not one to waste my breath, or a good writing idea, I’m going to lay it all out in this blog post so that you can giggle along with me. Before we go any further though, there may be a spoiler or two, you have been warned.
In a nutshell, Johnson plays ex-FBI hostage-negotiator-turned-private-security-expert Will Sawyer, who gets called to Hong Kong in order to assess the security of the world’s tallest skyscraper. The Pearl, 225 stories and a whopping 1,100 metres tall, needs an inspection of the upper residential half before it can be opened to tenants. Since we are, after all, living through the ‘IOT for all of the things!’ revolution, no matter how mundane the appliance, it’s no surprise that the Pearl was built with tech in mind. It’s basically a giant computer, full of safety features and automations that make living and working there slightly more exciting than your average building. We saw absolutely zero evidence of it, but I’m still sure the lights turn on and off by clapping your hands. Anywho, we see Sawyer being given a tablet that controls the entirety of the 225 floors and shooed out of the door to go inspect the offsite security centre that controls the skyscraper. The tablet, obviously, isn’t in his possession for long, as it gets robbed by a group of terrorists who succeed in burning down the $200 billion structure with it. The sad part is, if the IT department had deployed a better cyber security solution, it could all have been avoided. Typical.
Who needs an effective authentication method, am I right?! This was mistake number one. For some incomprehensible reason, the only way of unlocking the tablet that controls the entirety of the building is via facial recognition. That’s it. Sure, in cinematographical terms this looks the best. It’s impressive and futuristic, suave and savvy. It’s every nerd’s dream. And facial recognition as part of multi-factor authentication is really effective. In the blink of an eye, it can analyse billions of tiny little markers on your face to unlock your device. But who on earth would think that it would be enough? For god’s sake, just signing into my Facebook requires my password, mother’s maiden name, list of my three favourite chocolate bars (in order) and the promise of my firstborn. Truth be told, facial recognition alone was irresponsible, and about as effective of protecting all that important data as using ‘1234567’ as a password. Hell, put a photo of Sawyer in front of the camera and that would probably fool it. There are so many effective ways to authenticate identity (I wrote an entire post on it). Why not have a secondary form of authentication, like having a password activate on Sawyer’s smartphone? That would have been clever.
Mistake number two; not informing the IT department of the breach. Err, this should have been the first point of call when Sawyer’s tablet got robbed. Instead, being the idiot that he is, he threw caution to the wind and went running off to save his family. Just one minute on the phone to IT and they could have stopped the disaster that was about to unfold. A good cyber security solution would have removed access to the tablet in a couple of clicks, rendering the terrorists’ efforts moot. In fact, it would have taken no time at all to wipe the data clean from the device, essentially turning it into an expensive, albeit sleek-looking, paperweight. It does echo a current issue facing organisations in terms of cyber security; the majority of security breaches come from employees who, inadvertently or not, allow the threat to infiltrate the network. This can happen from clicking on a dodgy link in an email (it’s sadly not a video of cats acting strangely)- in fact, phishing attacks are more prevalent and more likely to scam large sums of money from an organisation. Realistically, in this situation, Sawyer seriously neglected his responsibility to inform the IT department. While he undoubtedly performed some incredible gymnastics and it was thoroughly enjoyable to watch, I would have loved to hear his rationale when all was said and done. I doubt he’d be hired to assess the security of a paper bag after that!
The moral of this story is, and I’m sure it’s what director Rawson Marshall Thurber wanted to portray; don’t let your organisation become the Pearl and burn down to the ground- make sure your cyber security solution ticks all the boxes. We work closely with Check Point to incorporate secure technology into our solutions, effectively avoiding the risks that we saw Sawyer facing in the film, and many more besides. Have a chat with our cyber security solution experts here at Cetus, and in the meantime book yourself in for one of our complimentary security posture reviews!
Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.