Hacker Kevin Mitnick on the risks of the human element in health data security

Legendary hacker Kevin Mitnick, who spent nearly three years as a fugitive from the FBI before being arrested in 1995, had some useful advice for the healthcare chief information officers at the CHIME-HIMSS CIO Forum on Sunday.

Mitnick, who penetrated the networks of companies such as Sun Microsystems, Nokia and Motorola during the '80s and '90s and spent five years in prison, now works as a white-hat security consultant. With a series of amusing but sobering demonstrations, he showed just how easy it is for cybercriminals to take advantage of human error to create near-endless opportunities for data breaches.

Shrewd hackers don't need to be technology savants. They can use social engineering – manipulation, deception, trust-building – to trick unsuspecting users. And it is a lot "easier than executing a technical exploit," said Mitnick.

Just ask John Podesta, chair of the 2016 Hillary Clinton campaign, whose trove of emails was accessed thanks to a spear phishing attack and subsequently posted to WikiLeaks. You are probably familiar with the rest of the story.

With a series of live demos, Mitnick showed how laughably easy it is to trick people into inserting trojan-infected USB drives into their computers and allow a remote hacker to gain access to operating systems and webcams. He also showed how unsuspecting employees can be duped into joining spoofed wireless networks, which enable large-scale credential harvesting; and how hackers can "weaponize" fake software updates to gain free rein over a system, undetected.

Back in his black-hat days, Mitnick was able to get hold of source code from Motorola simply by calling an 800 number and using some tech-jargon sweet talk to convince a security staffer there to transfer it to a separate server. That kind of employee trust – that susceptibility to a well-played confidence game – can be just as dangerous as any brute force attack.

He said it was key for healthcare organizations to shore up their defenses by creating social engineering resistance training programs and performing penetration tests to discover which employees might be most likely to take the bait, helping build a "human firewall" by educating staff about the dangers of too much trust or too little vigilance.
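To show what a social engineering penetration test actually measures, here is an added example (not from the article, and not Mitnick Security's own tooling) that scores a simulated phishing campaign. It assumes a campaign tool that exports one event per line as CSV with the columns timestamp, user, department and event, where event is one of sent, opened, clicked, submitted or reported; the column names, the event vocabulary, the severity ordering and the sample rows are all assumptions, and the sample export is constructed, not real data. It folds the event stream into one outcome per employee, computes per-department click and report rates, and ranks who should get targeted training first.

```python
"""Scoring a simulated phishing campaign to find who takes the bait.

Added example, not from the article or Mitnick Security. It assumes a
campaign tool that exports one event per line as CSV:
    timestamp,user,department,event
with event in {sent, opened, clicked, submitted, reported}. The event
names, the severity ordering and the sample rows are all assumptions.
"""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

# Worst action wins: a user who submitted credentials is scored on that
# even if they also reported the email afterwards. "reported" is tracked
# separately because it is the behaviour we want to reward.
SEVERITY = {"sent": 0, "opened": 1, "clicked": 2, "submitted": 3}

# Constructed sample export (not real data).
SAMPLE_LOG = """timestamp,user,department,event
2019-02-17T09:01:00,alice,radiology,sent
2019-02-17T09:01:00,bob,radiology,sent
2019-02-17T09:01:00,carol,billing,sent
2019-02-17T09:01:00,dave,billing,sent
2019-02-17T09:01:00,erin,it,sent
2019-02-17T09:05:12,alice,radiology,opened
2019-02-17T09:06:40,alice,radiology,clicked
2019-02-17T09:07:05,alice,radiology,submitted
2019-02-17T09:10:30,bob,radiology,opened
2019-02-17T09:11:02,bob,radiology,reported
2019-02-17T09:15:44,carol,billing,opened
2019-02-17T09:16:20,carol,billing,clicked
2019-02-17T09:20:00,carol,billing,reported
2019-02-17T09:30:00,erin,it,opened
2019-02-17T09:30:30,erin,it,reported
"""


@dataclass
class UserResult:
    department: str
    worst: str = "sent"     # most severe action the user took
    reported: bool = False  # did they flag the email to security?


def parse_events(text):
    """Fold the event stream into one UserResult per user."""
    results = {}
    for row in csv.DictReader(io.StringIO(text)):
        r = results.setdefault(row["user"], UserResult(row["department"]))
        ev = row["event"]
        if ev == "reported":
            r.reported = True
        elif SEVERITY.get(ev, -1) > SEVERITY[r.worst]:
            r.worst = ev
    return results


def department_rates(results):
    """Click rate and report rate per department, as fractions of emails sent."""
    sent = defaultdict(int)
    clicked = defaultdict(int)
    reported = defaultdict(int)
    for r in results.values():
        sent[r.department] += 1
        if SEVERITY[r.worst] >= SEVERITY["clicked"]:
            clicked[r.department] += 1
        if r.reported:
            reported[r.department] += 1
    return {d: {"sent": sent[d],
                "click_rate": clicked[d] / sent[d],
                "report_rate": reported[d] / sent[d]} for d in sent}


def training_candidates(results):
    """Users who clicked or submitted, worst first; non-reporters before reporters."""
    ranked = [(u, r) for u, r in results.items()
              if SEVERITY[r.worst] >= SEVERITY["clicked"]]
    ranked.sort(key=lambda ur: (-SEVERITY[ur[1].worst], ur[1].reported, ur[0]))
    return [u for u, _ in ranked]


if __name__ == "__main__":
    res = parse_events(SAMPLE_LOG)
    for dept, s in sorted(department_rates(res).items()):
        print(f"{dept:10} sent={s['sent']} click={s['click_rate']:.0%} "
              f"report={s['report_rate']:.0%}")
    print("training first:", training_candidates(res))
```

The report rate matters as much as the click rate: carol clicked but then reported the email, which is the behaviour a "human firewall" program is trying to produce, so she ranks below alice, who submitted credentials and never reported. A department with a low click rate but a low report rate is still blind to the attack.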

Mitnick's keynote came just as a new survey was published on Feb. 19 by CHIME and KLAS, revealing findings that CHIME CEO Russell Branzell called "stark and concerning." Just 42 percent of the healthcare organizations polled have a vice president or C-level official responsible for cybersecurity, it found; only 62 percent discuss security at quarterly board meetings.

And only 16 percent of the providers surveyed (primarily large hospitals and integrated delivery networks) say they have "fully functional" security programs in place, according to CHIME.

Essential to the success of any such program is to focus as much on social engineering as on technology protections, said Mitnick: "The human factor is the weakest link."


Source: TECH 2

Topics: Social Engineering, Speaking Engagements, trojan infection, human firewall, spoofing, WikiLeaks, CHIME HIMSS CIO, brute force attack, cyber security, Hillary Clinton, John Podesta, Russell Branzell, USB drives, WiFi, phishing, data breaches, Kevin Mitnick
