HOW MR ROBOT IS HELPING TO BOOST CONSUMERS’ AWARENESS OF CYBER SECURITY
The hugely successful series Mr Robot has brought cyber security to the small screen and a more mainstream audience. We spoke to the one of the show’s technical consultants about how it is helping consumers to stay secure and hold businesses to account.
When I ask former FBI special agent Andre McGregor, now director of security at Tanium and a technical consultant on Mr Robot, whether he ever thought a series about cyber security would ever become so popular, his answer is simple – no.
“I’m used to watching movies and TV shows that really lose touch to how cyber security and information security works,” he says. “Take a show like CSI: Cyber, where they’re showing green code on the screen as good and red code on the screen as malware.
“I said to myself, ‘I wish I had a tool like that in the FBI, because it would have made my life a lot easier.’ But the reason we didn’t have a tool like that is because it doesn’t exist!”
Enter Mr Robot, the USA Network drama about a cyber security engineer turned vigilante hacker. The series began in 2015 and has just been renewed for a third season, and McGregor says it is having a real-world effect on cyber security because it is helping consumers to understand the issues and the language of the sector.
“What I enjoy about the show is that someone like my mother, who still doesn’t have a computer and just recently got her first iPhone, is watching the show and now saying to me, ‘I understand what you’ve been doing for the last 15 years of your life,'” he explains.
“So it doesn’t matter how much I tried to explain it to my mom, now that it’s on TV and it’s something that’s visually appealing to her, she’s able to understand that threat of cyber security that’s against her.”
- American View: Deploy new technologies deliberately, and with careful planning, if you want to avoid a catastrophic collapse
- American View: The Big Creep
McGregor says this type of consumer awareness is starting to become more commonplace, and in the face of a risk of breach fatigue, series like Mr Robot can help to arm non-technical members of the public with the knowledge they need to hold firms to account.
“When you’re able to show it on television and use movie magic to explain to them how what they’ve read in the news actually happens, it’s going to drive the conversation for consumers wanting to hold businesses accountable for the security they expect, and to be able to ask important questions intelligently about what type of security controls are in place,” he says.
“I think before a show like Mr Robot, it was just big words, complex words, or the IT guy guys who were discussing these ideas, when in fact now we’re creating a show where the mainstream audience is interested in the same.”
When it comes to businesses themselves, McGregor says there is “a lack of awareness of how real the threat is”, despite the constant media attention cyber security now gets.
“What I mean by that is we’re riddled with headlines on breaches weekly, and we want to understand to what extent cyber actors are attacking our infrastructure, and we’re so quick to jump towards the answer being zero-day vulnerabilities or a sophisticated attack targeting a specific company, industry or agency,” he says.
“In fact, everyone has the ability to gain access into most of the networks that we have today because we don’t really understand to what extent the vulnerabilities exist with our devices, our software and our users.”
McGregor says this ignorance often begins at the top, with senior managers and board members unaware of basic security practices that put their businesses at risk. “As I’ve been working in the FBI for years I came across so many executives and users that didn’t really understand that their actions or their lack of action in the space is really what’s causing the vulnerabilities to exist,” he explains of the business environment.
“And so it doesn’t take a sophisticated attacker to use sophisticated tools to get in. They can use very easy, simple, off-the-shelf tools that essentially anyone can gain access to.”
Essentially, he says security really comes back to “the basics of cyber hygiene”. Even the best cyber security solution won’t protect a business if its users don’t take basic precautions.
“It’s very basic things people need to do,” McGregor explains. “If I want to protect my house, yes, I can get the most sophisticated alarm system, but if all my windows are still unlocked and someone can just open the window and bypass the alarm, something as simple as that can do more than the sophisticated alarm system that I have at the perimeter.”
But as large companies become increasingly aware of the cyber threat and protect themselves, he believes this will help small businesses to become more secure, too.
“The nice thing about business, big industry, is that you do have the trickle-down effect,” he says. “Where the large companies are testing and buying interesting tools to tackle this, once it does become successful and mainstream it allows for smaller companies to do the same.
“That being said, understanding the problem is the first thing you need to do whether you’re a large business or a small business… Essentially, we need small businesses to also ring the bell and say, ‘Hey, what do we need to do and how do we get the software?’”
McGregor’s answer to this question is almost as simple as his explanation of his expectations for Mr Robot‘s success: the tools are already out there – businesses just have to use them.