Stopping The Fuse: Lessons from Hollywood

The first "Mission: Impossible" movie hit theaters on my birthday. I remember sitting there with my friends, all of us bewildered. We expected Tom Cruise to channel his inner James Bond, shooting handguns left and right. None of us had personal computers, and the internet was still a distant frontier. Yet, here we were, getting a glimpse of cybersecurity's future—hallucinations, voice phishing, database breaches, and a rogue group plotting to steal highly guarded data, threatening national security.

In today's proactive world of cybersecurity, I can't help but see a parallel between my friends back then and many folks outside our field now. They want to keep up but struggle to grasp the rapid pace of technological advancements.

In the early 2000s, my passion for film led me to Hollywood, landing a gig as an assistant at the William Morris Agency. I even went through their renowned Agent Trainee program—a role that paradoxically paid less than a standard assistant and demanded weekend work. Among all the desks I manned, I ended up with Jason Trawick, who had one major client: Britney Spears. Every day, tabloid reporters would bypass the front desk and call me directly. They weren't typical hackers; they were relentless data miners, fabricating identities from overseas film companies or major record labels, all in a bid to get dirt on Britney, especially around her infamous head-shaving episode.

The same events occurred with writers calling in as semi-recognizable producers. Saying that they wanted to send us the next great script and their assistant (aka them) would run it by our agency before lunch. Weeding through a rat nest of lies should be regulated to junior high dating. But instead, it gets far more trickier as the digital age grows around us.

This was my nightmare. The solution? A two-word code delivered by physical messenger to those calling in. We had to cross-check physical addresses against our directory—a task that consumed hours of my weekends.

Fast forward to now, with voice deepfakes becoming more sophisticated, a passkey sent to verified emails might be our best defense against these modern "Mission: Impossible" schemes. Look at DALL-E from two years ago and MidJourney's current work—we're on a trajectory where someone could infiltrate a Zoom meeting with a perfect deepfake by 2026. And let's be honest, half my Zoom meetings in the past year had my webcam "malfunctioning." Claiming your camera isn't working is hardly unusual.

Passkey systems might seem excessive, but they're worth it when you consider the millions a company could lose to a voice phishing scam. We need to explore a second layer of intercompany authentication. Persistence is a hallmark of those with dubious intentions, whether they're after insider trading info or just the release date of Britney's next album.