Romolo Tavani -

KnowBe4 cyber drama tackles Colonial Pipeline in fourth season

KnowBe4’s ongoing cyber security training drama, The Inside Man, reaches its fourth season with a plot drawing inspiration from one of the most impactful cyber attacks of 2021

KnowBe4’s increasingly popular cyber security training drama The Inside Man will tackle ransomware attacks on critical national infrastructure (CNI) in its fourth season, drawing inspiration from the May 2021 heist on Colonial Pipeline as an apparent ransomware attack on a London-headquartered oil and gas company threatens to blow up its Norwegian storage depot and disrupt fuel supplies to millions of homes across the UK.

The show, which is designed to be delivered in bite-size chunks as a voluntary add-on to corporate training, is presented as a techno thriller in which leading man Mark Shepherd (Ben Adnams), a reformed malicious actor and now the owner of the eponymous Good Shepherd cyber consultancy, and his crew of cyber warriors AJ (Abe Jarman), Fiona (Kathryn Georghiou), Maurice (Brandon Potter) and Violet (Kirsty Averton) foil cyber attacks while presenting actionable lessons on cyber security for the layman, covering topics such as social engineering, password hygiene, social media security, and mis- and disinformation.

“It seems that every season we get that much bigger, better and more exciting, but this season takes it to a whole new level,” said Jim Shields, creative director at Twist & Shout Communications, part of KnowBe4. “The Inside Man has now grown into its own dramatic universe, more international than ever, and full of amazing characters.”

Stu Sjouwerman, KnowBe4 founder and CEO, added: “The feedback from our customers is clear: The Inside Man is the most used security awareness training series that we produce in the optional training category, so we had to bring them another season. Season four promises to deliver another highly anticipated continuation of the storyline, undoubtedly with some plot twists.”

With season four in development during the spring of 2021, the production team suddenly found themselves watching on as a major ransomware heist against US fuel distributor Colonial Pipeline suddenly brought cyber crime to global attention, with consequences in the real world. John Just, KnowBe4’s chief learning officer, told Computer Weekly the decision to “do” Colonial Pipeline was a no-brainer.

“It’s a great example, it was a public example,” he said. “Some of the examples we’ve had in the other series, we have this feedback from people constantly… and they will say, ‘oh, but that stuff doesn’t happen that much, this is fearmongering’,” said Just. “So we wanted to take something that was very public, and make sure people could connect to that.”

Computer Weekly at the movies

Season four of The Inside Man boasts new locations, more jeopardy, helicopters, and what may very likely be both the first on-screen kiss and first original song ever seen in a security training film.

The strong core cast – which is by now probably the hardest group of actors to hack in the world – keeps the interpersonal drama bubbling along with the strong performances that viewers have come to expect. Meanwhile, the CEO of the victim oil and gas company turns in a scenery-chewing performance worthy of Kenneth Branagh in his pomp, thumping his hands on tables and yelling: “I don’t care what you do – just get me my pipeline back!”

Fans of The Inside Man – which now does indeed have its very own dedicated fandom – will find much to enjoy here. The underlying security lessons are, as ever, clearly presented, coated with enough interpersonal drama to help them slip down without you really noticing, and besides the core topics, there are also helpful sub-plots that centre less on organisational security posture, but rather keeping yourself safe online and spotting fraudulent or fake content.

Those tasked with the often thankless task of delivering cyber training are likely to appreciate the subtlety with which the lessons are imparted – a far cry from the training films of yore that did the educational equivalent of hitting their “victims” around the head with a brick. The lessons also remain fresh, despite the obvious limitations, which Shields put down to the support provided to his team by KnowBe4.

“KnowBe4 provides a machine behind us that is constantly in touch with these stories, and they do their own research and they’ve got some fantastic people who contribute,” he said. “It’s like having your own research and development lab behind you.”

With three further seasons already pencilled in, Shields is planning to go bigger and better for the next instalment. “Having that commitment allows us to build a story up across the whole series, which is fantastic because that’s when we get under people’s skin,” he said. “The longer that people have to fall in love with the characters in the story, the more we can do to open the channel of communication.”

Too cool for school?

If The Inside Man comes up short in any regard, it is in the treatment and portrayal of its in-universe 404 ransomware operation, which is crewed by a squad of good-looking youths with colourful hairstyles and expensive hoodies, hanging out in a dimly yet artfully lit lair and, at one point, who are seen downing vodka shots as they celebrate their success.

And as the camera pans back to reveal that the 404’s hideout is in fact located in one of Berlin’s most Instagrammable locations (I don’t think it’s too much of a spoiler to say the location scouts picked the iconic Teufelsberg Cold War spy station), you can’t help but feel these people look, well, kind of cool. It is certainly a far cry from the pictures of shaven-headed men, dingy flats and overflowing ashtrays that Ukrainian police like to circulate whenever they bust another ransomware affiliate.

We in the security community understand that the stereotypes exist for good reason, but there are now a growing number of people who feel they are not helpful to the cause. Unfortunately for this reviewer, as a production like The Inside Man has a high-profile platform to help change this and is ultimately made on a security company’s budget, it feels like a rare mis-step in an otherwise excellent concept.

Read more on Security policy and user awareness

Data Center
Data Management