A Cybersecurity Journey Through Visual Media

March 2024 by Hebberly Ahatlan Product Manager Intertrust

In the expanse of cinematic narratives, a plethora of films not only entertain, but also serve as harbingers of the intricate interplay between our interconnected world and the sanctity of individual privacy and security. Delve into the realms of classic masterpieces like "Sneakers" (1992), "The Matrix" (1999), and "Ex-Machina" (2014), as well as contemporary gems such as "Blade Runner 2049" (2017) and "Leave the World Behind" (2023), and you’ll discover that these cinematic offerings are not mere flights of dystopian fancy, but rather cautionary tales reflecting the real threats looming over our enduring analog existence and evolving digital lives.

Should you find yourself seeking refuge on a rainy weekend, craving to immerse yourself in the world of data hacking and its disruptive consequences, I suggest you peruse the following list. While not exhaustive, it offers a comprehensive exploration of the themes surrounding cybersecurity. Prepare to have your mind stirred by the ingenious ways in which both humans and machines take advantage of the opportunities to steal digital assets, and our ostensibly unassailable right to fight back. However, if your inclination leans toward a more pragmatic understanding of the imminent cybersecurity risks lurking in everyday life, then read on. I have simplified your journey to three media pieces that will give you practical lessons about cybersecurity.

IoT security, data governance, and spoofing attacks are terms that you may have heard. They are industry jargon that describes complex technical scenarios in cybersecurity. Allow me to distill these terms into three simple words: Defend, Decide, and Debunk. And what better way to illustrate each word in the context of cybersecurity than through the lens of visual media?

While there is much creativity in films and TV about how digital and analog information could be extracted from you and harnessed for evil or “good” purposes, in the present time, you don’t need to worry about an android trying to extort you or a spaceship trying to kill you. What is critical for you is to understand how to defend your data, how to decide and control what private information can be made available to others, and what steps to take to debunk suspicious data.

In an age where the boundaries of our physical and digital lives are becoming increasingly indistinguishable, safeguarding our homes against cyber threats has never been more urgent. Enter Mr. Robot, a captivating television series that beckons viewers into the tumultuous world of Elliot Alderson, a cybersecurity engineer and hacker extraordinaire grappling with his inner demons. Elliot is recruited by an anarchist known as "Mr. Robot" to join a group of hacktivists called “Fsociety,” who aim to bring down corrupt corporations and the financial system. "Hidden in Plain Sight," the fifth episode of the fourth and final season, illustrates why it is critical to protect your modern home against cyberthreats.

You may think of your “home” as a set of four walls and a roof, but today, your home also includes your car, your laptop, and your phone, because your digital self lives in all these devices. Your new digital modern “home” is filled with sensors and controllers that can track, for example, a room’s temperature, who is at home, if the house pet needs water, and if the garage door is open. These devices can turn on the heater ahead of your arrival and can even suggest what podcast to play when you cozy up in your living room. These devices are collectively called IoT devices and include alarms, smart TVs, digital assistants, and many other appliances, such as thermostats, water heaters, and smart washing machines.

As the Mr. Robot episode shows, as long as your home is connected to the internet, it is easy for a hacker to infiltrate your home remotely and turn on the TV – perhaps racking up a huge bill in pay-per-view transactions in the process. The shower could suddenly go from comfortably warm to scalding hot at the command of a cyber intruder. The alarm system could go bonkers, waking up neighbors and somehow making itself inaccessible, because the password to turn it off does not work anymore.

Let’s be clear: nothing here is science fiction. All of these events can happen to you, and defense is the best countermeasure. Not all IoT devices come equipped to deal with complex cyberattacks. In fact, some devices may not have any real cyber protection, leaving your home exposed. Therefore, it is important that as your home becomes smarter, you outfit it with networking and devices that know how to defend themselves against hackers. It is important to familiarize yourself with digital defense techniques, because as time passes, your home will become densely connected – hyperconnected, as they say in cybersecurity circles – with a multitude of IoT devices, and you need to understand how to build an effective defense perimeter for your digital home. This does not mean you need to become a programmer or engineer. It simply means you need to shop around for devices and software platforms that have proper data security built in and are easy enough for you to integrate into your home.

Building the right defense for your data is not a finite end goal, but part of a larger scheme of security practices you need to follow. For example, how do you control your information? How do you know who is looking at it? How do you grant access to your information without losing control of it? In the data security industry, the management of private information is referred to as governance – that is to say, you decide or “govern” when, how, and with whom, you share your information.

It’s time to check out Anon (2018). This film is superb at contextualizing the role of data governance. Set in a futuristic world where privacy and anonymity no longer exist, Anon follows a detective named Sal Frieland who investigates a series of murders committed by an enigmatic hacker known only as "The Girl." She orchestrates a clever way to hide her identity in a world where all information is openly accessible. In this dystopian world, every person has an eye and brain “implant” that records everything they do. Every individual’s visual perspective is recorded and accessible to others; information such as name, age, profession is available in real time, making it impossible for normal people to hide their basic identity, and leading to a society where people’s lives are constantly under surveillance. However, there are rules to maintain order in society. Sensitive information is controlled by a few to prevent chaos or terrorism. For example, in one scene, Sal’s boss, the chief detective, gives Sal the right to view the moments leading up to a crime as seen from the victim’s perspective. Sal’s boss essentially exercises data governance by granting Sal permission to view it.

The “Girl” is able to manipulate her record by breaking it apart into small bits of information that she then implants in the minds of each citizen, thereby making it impossible to trace her information without knowing where each bit of information is located in each citizen. She uses an algorithm to randomly spread her information across society. She shares and distributes her minced data across all of society. Who has time to piece that data back together? This would be impractical, hence by sharing her information liberally she becomes invisible. She has cleverly reinterpreted the practice of data governance to be completely anonymous.

Now, we do not live in a world with that level of sophistication just yet, but in principle, it is still critical to learn how to manage access to information, and in addition, it is important to influence public policy that gives us ample decision powers over how to manage our personal data. We need to understand how to exercise data governance, because these days, when you sign up for a Video Streaming Service (VSS), such as Netflix or Hulu, you are agreeing to share certain information with the VSS and also with its affiliated third parties. If you want the subscription, it will cost you a fraction of your personal private information as well as a monthly fee. Do you really want this? How can we change this practice? Without getting too sidetracked by politics, here is where we, as a society, need to work smartly to generate policy that allows us to control our information. While there are recent efforts by the U.S. government to establish strict data privacy guidelines, it is only with active citizen participation that laws on data privacy can be expanded and strengthened. “Anon” is an important reminder that we need to balance transparency and anonymity with practical policy at the local and global levels.

Citizen participation is imperative for good data governance policy and practices, but there is more. Collectively we must also be aware that not all information out there is accurate. We need to learn to debunk information in real time – most importantly, we need to learn to wait to understand and verify information before we act on it, because distorted digital discourse creates discord, confusion, and danger. Have you heard of the 1983 nuclear false alarm incident? Thanks to tempered judgment a nuclear war was averted. Similarly, we need to take a tempered approach when reviewing digital information – particularly if the information requires urgent action.

In the latest Mission Impossible chapter, “Dead Reckoning Part One” (2023), the repercussions of blind faith in digital veracity come sharply into focus. Agent Ethan Hunt and his team confront a nefarious AI weapon hell-bent on manipulating the world’s data fabric. The AI weapon can distort digital information and misinform people, corporations and even government agencies. Through the AI threat to world order we get a practical taste of the consequences of accepting digital information at face value without critical analysis.

In the film’s opening sequence an advanced Russian nuclear submarine, the Sevastopol, collapses to the bottom of the frigid Bering Sea because the crew is unable to assess the validity of digital information to avert disaster. The AI weapon onboard the Sevastopol cleverly spoofs a phantom enemy submarine on the radar system. The phantom submarine suddenly launches torpedoes targeting the Sevastopol – or so it seems. This prompts the crew of the Sevastopol to counterattack by firing their own torpedoes. The crew soon realizes the enemy submarine and its torpedoes were never there, but meanwhile the AI takes control of the Sevastopol’s real torpedoes, which are now in transit to hit a nonexistent enemy. The AI redirects the torpedoes towards the Sevastopol to self-inflict a wound to bring down the submarine to the bottom of the Bering Sea.

This is a brilliant metaphor for how data can manipulate us if we don’t use critical thinking. When the Sevastopol’s “firing solution” software platform initially estimates the distance of the enemy submarine at ten thousand meters, one of the officers casts doubt on the estimate, because the sonar signal is very clear, thereby implying that the enemy submarine is much closer. Nobody takes a moment to understand why there is a discrepancy between the officer’s experienced call on the position of the enemy submarine based on the sonar data and the estimated distance provided by the software. This is a perfect moment to apply “thin slicing” as proposed by Malcolm Gladwell’s book Blink: namely, with proper training and experience, snap judgments can lead to plausible, reliable conclusions. If the crew had trusted their real-life experience using sonar, they would have quickly figured out their “firing solution” software platform was compromised by an external agent. This could have prevented the launch of the real torpedoes until they were certain there was an enemy vessel in front of them. Experienced human judgment could have saved the day, but instead the crew relied on software information alone – a grave mistake in light of the fact that a “trusted” AI platform could easily control the software to generate false information.

Most likely, we will never be fighting ghost submarines and second-guessing malicious AI platforms under the Bering Sea, but we will encounter misinformation and deepfake data across all of the internet. In this context, human experience combined with critical thinking and skepticism helps us discern accurate information.

Later in the “MII” film, the concepts of defend, decide, and debunk come together at the Dubai airport scene. Let’s break down the scene in detail. Ethan’s team easily penetrates the airport network security, opening secure doors remotely and entering the baggage sorting area to search for a weapon hidden in a bag. In this case, their purpose is noble, but imagine if your front door were IoT-enabled with poor device security. How would you sleep at night knowing a savvy hacker could easily open it remotely? “Mr. Robot” would definitely take advantage of your door if you were his target.

The scene also illustrates how secure data governance is critical. Ethan’s team uses people’s faces to collect information about a passenger’s identity, nationality and travel destination from the airport’s database. How did they get access to this data? Was the data governed properly? How do passengers consent to share information at airports? How much of this consent is adequate and how much is actually invasive? It all depends on citizens deciding how to regulate shared information via policy measures.

Ethan’s team uses surveillance camera software to spoof people’s identities in real time by overlaying different digital faces on passing persons. By spoofing Ethan’s identity, he is able to get away from the government agents chasing him. How can we tell what is real and what is not? Again, in the context of a film, the situations presented might be too extreme to be relatable, but how about a speech made by a politician and posted on social media? How can we know it’s not a deepfake? “Dead Reckoning” is a sobering reminder that in an age inundated with torrents of data, the virtues of skepticism and critical inquiry are important to detect what is factual information.

Aside from being highly entertaining and intellectual, Mr. Robot, Anon, and Mission Impossible Dead Reckoning – Part One are effective illustrations of the dangers of improper IoT security, poorly managed data governance, and unmitigated spoofing attacks. These narratives serve as allegorical beacons illuminating the treacherous terrain of cybersecurity. Through their compelling stories and visceral imagery, we can be inspired to defend our private data, decide how and when to share our information, and debunk misinformation before it spreads. I hope you take some time to watch these films to develop a greater awareness of data protection. As you embark on your cinematic odyssey, take notes on how to apply the films’ messages to your everyday life. May these films serve as both an education and inspiration in the face of digital adversity.

