Do you watch “Mr. Robot?” I do. It’s one of my favorite television shows right now. The series follows Elliot Alderson, a security engineer from New York who works at the cyber security company, Allsafe.
Elliot is recruited by a mysterious insurrectionary anarchist known as “Mr. Robot,” and joins his team of hacktivists known as “fsociety.” One of their missions is to cancel all debts by taking down one of the largest corporations in the world, E Corp, which also happens to be Allsafe’s biggest client. Can you say “drama?!”
Now, this probably isn’t your typical day as a security professional, but there are some key things we can learn from Elliot and “Mr. Robot.”
1 – Vigilance – Bring vigilant individuals onto your team. When Elliot suspects that Tyrell has him accessing a honeypot, he immediately tears his infrastructure to shreds. Was he being too dramatic? Maybe. But it’s better to be safe than sorry. Being alert to normal internal behavior will allow you to take swift action when things go awry.
2 – Pick “Ones,” Not “Zeros”- Mr. Robot asks Elliot if he is a “one or a zero.” We find out later that Elliot is far from a zero. Ensure that the people you have on your team are willing to do what is right and not what is easy.
3 – Invest in Your Stack- I think the most humorous part of the first season is when Elliot agrees to regular drug tests because he can hack into his primary care physician’s database to switch the test results. He points to how easy it is to hack into this healthcare database because there is only one guy in the IT department with a $7 per day budget. No wonder why he loves his doctor. Invest in your security stack. I know, people do not buy fire insurance until there is a fire. However, when there is a fire, it is often wild and could lead you to polishing your resume when your company goes bankrupt because of a Mr. Robot.
4 – Face Your Demons- Everyone has a vulnerability. Face it. Accept that your security stack will never be one 100 percent. As Bit9 + Carbon Black Chief Security Strategist Ben Johnson continuously mentions, you should always be hunting, always be on the lookout for vulnerabilities. Never be complacent with your current security posture. Attackers are constantly evolving. Stay one step ahead of them.
5 – Back it Up – Do you have a single point of failure? What will happen when your users go home at night and are outside of your fabulous firewall? Who will protect these individuals? When Elliot brings encrypted drives to White Rose and Evil Corp relies on China to maintain their redundancy, they risk losing everything. You saw that even Steel Mountain could be brought down with one raspberry pie and a hot-server oven. Ensure that if you do go down at some point, you have a plan to stand back up. Ensure that users can be protected off-network to avoid a malware minefield that is waiting for your AV to go offline.