the mandalorian

May the Fourth: Security Lessons from The Mandalorian

The Star Wars series provides good examples that we can use as lessons to combat scammers attempting to profit from COVID-19, writes Tyler Reguly.

As part of my day job, I work around the clock on the second Tuesday of every month to provide our customers with the latest details on Microsoft vulnerabilities. This cycle, which I’ve maintained since 2006, occasionally interferes with real life – causing me to miss concerts, musicals, and TV premieres. Nov. 12, 2019 was a memorable one because friends were messaging me all day about the premiere of "The Mandalorian" on Disney+. The first thing I did when I woke up on the 13th was put on the episode. The only word that came to mind as I watched the episode was perfection.

Over the eight episodes of season one, the entire world was enamored with the series. Baby Yoda was a huge hit, with everyone wanting to get their hands on Baby Yoda merch before Christmas. Sure, Baby Yoda was cute and all, but I loved the space western vibe. For me, the series was everything I wanted out of Firefly but in the Star Wars universe. It also preached the ongoing message of Star Wars… a message that seems more important than ever right now – a message that we all need a little help sometimes.

This sentiment isn’t new. Lennon and McCartney penned "With a Little Help from My Friends" for Ringo Starr to sing on The Beatles’ eighth album. While it is an iconic Beatles song, for my generation Joe Cocker made the song famous. So many people know it as “The Wonder Years song” and, honestly, it gives me chills every time I hear it. The underlying sentiment is often forgotten, but it’s all about getting through a rough time with help from your friends.

Right now, the world is in disarray – we’re experiencing that “rough time.” We’re facing a situation with the COVID-19 pandemic that many of us never thought we’d experience. Unemployment rates are high, there are lines for grocery stores and entertainment that involves leaving your home is a thing of the past. People are scared and panicking. We’re all seeing our mental health impacted, we’re all questioning if there’s a light at the end of the tunnel, we’re all nervous to find out what tomorrow will bring.

Sadly, that fear is as good as blood in the water. It brings out all the sharks. We’re seeing a spike in phishing attacks and security issues, particularly in communication and collaboration applications. Unfortunately, our fear is cause to celebrate for the criminals that prey on the innocent. A panicked single parent waiting on their stimulus check in the United States, an out-of-work retail employee awaiting their CERB payment in Canada or an individual new to Universal Credit in the UK. These are all prime targets for phishers and other scammers.

I think The Mandalorian provides a lot of good examples that we can use as lessons to help combat these scammers and other technology related issues that we encounter as we learn to live and work in a COVID-19 world. This May the Fourth, let’s take a look at a few of them.

Spoiler alert: The rest of this article discusses plot details of The Mandalorian, so if you haven’t seen it and don’t want to be spoiled, this is your warning!

Let’s start with pride. We could get biblical here and say, “Pride goeth before destruction.” I think, though, that the Mandalorian, who we’ll call by his nickname “Mando” for the remainder of this article, better encapsulates this value. If you’ve seen the series, you know that time and time again Mando needs help. It’s actually a great example of the concept of an urban legend, he has a reputation as a powerful lone wolf, but he is constantly helped by others. Every time he comes close to failing, someone bails him out. Often, asking for help initially, would have saved him time and made life easier for everyone. For example, Mando would have been in hot water if the rest of the Mandalorians hadn’t made themselves known to save him from the other bounty hunters. Although, as the series evolves, so does he, and eventually he does ask for some help.

Recently, a relative fell for a tech support scam again. She reached out to ask us about it after she had given them her credit card details, while they had remote access to her computer. These are the stories that we hear all too often – people asking for help after it’s too late. It’s important to take a beat and not act impulsively. Mando didn’t have to charge in to save Baby Yoda after seeing the discarded bassinet, he could have come up with a plan and asked for help… he could have confirmed what he was getting into. This is what people need to do with they get a pop-up, a text message, or a phone call. Your ISP is never going to contact you and say, “We detected a virus on your computer, please visit this website and provide your credit card details so we can remove the virus.” Think about what you’re getting into, consider the possibilities, ask for help.

That puts a lot of onus on us in the tech industry as well. We’re famous for making jokes about foolish friends and family asking for help or outright refusing to help them. At a time like this, when people are inundated with scams, we need to help them out, answer questions and provide guidance. I regularly get Facebook messages asking me to confirm emails or text messages, asking if URLs look questionable. This is a positive. It shows that people want help and we should make it as easy as possible for people to get our help right now.

In order for people to put aside their pride and ask for help, they need to realize they need help. They need to recognize that something isn’t quite right. You’ve heard of the sniff test? Well, this is the perfect time to apply it. When something smell’s fishy, it probably is. If we revisit the Star Wars universe’s latest hero, we can talk about episode six, where Mando teams up with mercenaries he knows from his past to help with a prison break. He is initially cautious, but after getting double crossed, his suspicion increases. When the episode ends, we realize that the mission didn’t quite pass the sniff test and he has scammed the scammer. While it’s not expected that everyone scam the scammer, it’s good to know when something doesn’t smell right and you need to walk away.

A friend realized last month that an email they got didn’t sit quite right with them. It was an email from “Canada Post”, but on closer inspection the email address was and not a email address. The linked website was a .ru domain, typically not a domain associated with crown corporations in Canada (or really any legitimate business in North America). The gist of the email was that a package could not be delivered and they required a $2.00 fee for redelivery. This was all explained with very broken English. The website contained one of the sketchiest, laziest credit card input forms that I’ve ever seen. Thankfully, because the email and website didn’t pass the sniff test, my friend reached out and she was saved from any issues that might have popped up. Whether you call it situational awareness, common sense, or anything else you want, remember that thinking about risks and going with your instincts can really save you.

Finally, let’s step away from scams, and talk about communication. We’re relying more and more on technology to communicate. Software like Microsoft Teams and Zoom are keeping us connected at work and families are relying more and more on Facebook Messenger and Facetime. My niece and nephew have been video calling my wife and I, and I just spoke to my mom the other day and heard that she got a wakeup call from my sister and other niece that morning. Technologies that were only really associated with younger generations are now being used by everyone.

Along with increased usage comes increased risks. We’ve heard about security risks in the software we’re using and Zoom Bombing on open video sessions. Many of the issues that we hear about could be avoided with intelligent use of the tools we’ve been given. Some issues are with the software and we must be diligent about updating as fixes become available, but we also need to know and understand our tools. When the Armorer makes Whistling Birds for Mando, although he is familiar with them, she still provides a warning. We need to heed the warnings that come with technology, to realize that a piece of video conferencing software is a tad more complex than a blow dryer or an impact driver.

When the Jawas strip Mando’s ship, he refers to it as destroyed; the technology overwhelms him. The older, wiser Kuill points out that it is not destroyed and that it can be repaired with the parts. The entirety of episode 2 looks at the dismantling of the ship, the recovery of the parts, and the rebuild process. Sure, plenty of other things happen, but this is the movement of the technology. For Mando, with his limited understanding things look hopeless, but Kuill sees a light at the end of the tunnel; he sees a way to make the technology do what they need it to do. Not everyone is going to be an expert with technology, so it may seem like it’s impossible to secure a conversation or ensure your privacy. There are ways to make things work better and to limit your risk. You just need to understand your tools. If this is outside of your wheelhouse, then loop back to where we started… just ask for help.

The Mandalorian was great for a number of reasons, and if you’re stuck in quarantine and haven’t watched it, it’s worth spending a day to binge it. If you don’t see the lessons I’m describing, hopefully I’ve at least described them well enough to make a point.

The only way that we’re going to beat the scammers and use technology to get through these dark times is if we work together and lend a helping hand. Don’t be afraid to ask for help or an explanation, plenty of people are looking for ways to contribute and would be glad to lend a hand.


  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

Featured Cybersecurity


New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • ResponderLink


    Shooter Detection Systems (SDS), an company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3