Posted By ALGOSEC
It’s the holiday season, which means it’s time for our annual tradition of analyzing a classic movie in terms of the cyber security lessons it can teach us.
This year we’ve selected Jumanji, the 1995 adventure classic with the legendary Robin Williams, which is getting the reboot treatment this holiday season, with an updated plot and an all-new cast. For those unfamiliar with the original family favorite, it tells the story of Alan Parrish, a young boy who accidentally discovers an old wooden chest containing a mysterious board game. When he starts playing the game, he discovers it has magical properties which bring a fantasy jungle – complete with a menagerie of wild beasts – to life in unexpected, and scary ways.
Despite dating from the dawn of the Internet era, the movie contains several plot points that offer valuable cybersecurity lessons for today’s organizations. So while you’re waiting to see the reboot, here are three security lessons from the original Jumanji movie.
Lesson 1: Beware of old, undocumented rules
The movie opens when young Alan discovers a long-buried old board game. The game hasn’t been touched in years, and doesn’t have a set of rules in the box, so when Alan invites his friend Sarah to play Jumanji, neither knows how to start the game or exactly what might happen.
Sarah rolls the dice, and the game’s pieces begin to move independently. The adventure begins, and the game starts to wreak chaos as Alan is sucked into its world, and a swarm of bats appear to chase Sarah out of the house. The game is abandoned.
Similar chaos can be unleashed when old, undocumented firewall or device rules are left abandoned on the network. Without knowing why the rule was created or what purpose it serves, security teams are faced with the dilemma of not knowing what sort of risks might be unleashed if they delete or change the rule. Will doing so impact on any current business applications and cause an outage? Will it introduce a security gap or cause a compliance violation?
While dealing with obsolete rules can lead to all sort of unexpected and unpleasant consequences, thankfully there are ways to safely identify, handle and decommission them. Implementing a strong rule validation and recertification process can be a massive undertaking, but a security management automation solution can help to automatically find and remove old, undiscovered, obsolete rules on the network.
Lesson 2: Unknown attacks can cause chaos
The film fast-forwards 26 years, and a new family moves into the house where the game was abandoned. It is discovered by Judy and Peter Shepherd, and when they start to play, a swarm of giant mosquitos and monkeys are released from the game’s jungle world and Alan is finally able to escape, after being trapped for over a quarter of a century. The trio resolve to complete the game, so that normality can be restored, but it unleashes yet more threats including carnivorous vines, a lion and a man-hunter.
If only these threats could be blocked. In the real world, the very same can be said for a range of threats including malware ransomware, phishing and bots. Thankfully, you don’t need to complete a game to protect your organization.
Lesson 3: Keep the worlds apart
In Jumanji, the threats can cross over from the game’s environment and affect the real world. It’s a similar situation in network security – threat actors are constantly probing your network’s borders, trying to find an entry point, from which they can enter your network and move around to get to your business assets.
Segmenting your network is key to mitigating the risk of your network and business being compromised by an attack. Once unauthorized access is gained, a well-segmented network topology makes it easy to limit the threat’s lateral movement in the world you need to protect: some best practices for deploying effective segmentation are here.
By keeping these three important lessons in mind, you’ll be sure to protect your network and keep the lions, mosquitos and cyber-threats at bay. It’s a jungle out there, don’t leave it to chance!
Learn more about Algosec :