The weakest link in security is still the human. Kevin Mitnick showed how we can be outsmarted

Over the past 16 years, Kevin Mitnick's team of hackers has broken into every company whose security he checked. "Those evil hackers are always looking for the weakest link in the security chain. In my opinion, most often these are people, not technology," said Mitnick on stage during the Business Insider Inside Trends conference at the Koneser Center in Prague. He showed that hackers even copy their victims' security cards during visits to office bathrooms.

Kevin Mitnick, once the person most wanted by the FBI in the United States, has for years been helping companies check their security levels with his team.

Mitnick emphasized during the Business Insider Inside Trends conference that the most effective weapon in the hands of hackers is social engineering, that is, manipulating people and extracting information from them. "If an attacker can thus get to one person in your organization, all security measures can be bypassed without any problems," said Mitnick on stage.

Interestingly, according to Mitnick, it may be easier to hack companies in the United States or Japan than in Poland, because people in our region are more skeptical and suspicious.

During the Business Insider Inside Trends conference, Mitnick presented techniques for gaining access to company systems.

Social engineering in practice

Mitnick points out that using people to reach company systems is easier than using hacking technology. It's almost free, and the risk for the attacker is very low. He noted that the effectiveness of such methods is as high as 99.5 percent.

The most famous hacker in the world pointed out that gathering information is a very important tool. He added that it is best to manipulate representatives of the sales and marketing department. "Students often work there," he explained.

Sometimes all it takes is a cursory search for information and the use of generally available tools. Mitnick described one case in which he was hired by a large Canadian company. "I noticed that the website advertises a company dealing with human resources management in the Internet cloud," said Mitnick. All it took was a few steps: registering the right domain, creating a fake page, and identifying the person whose role you can step into and the person to whom you should speak.

Within a few hours, he gained access to the data of all employees in the organization.

Watch out for passwords, pendrives and cables

Mitnick also pointed out that when changing a password that was previously stolen, it must be modified significantly. Using a database of stolen information, hackers can check whether the password has been changed only slightly.
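A password-change check that enforces this advice, as an added example that is not part of the original article. It assumes the check runs in the change-password form, where the user has just typed the current password; the function names and the distance threshold are hypothetical.

```python
import re

# Common character substitutions people apply when "changing" a password.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password: str) -> str:
    """Reduce a password to its base word: lowercase, strip leading/trailing
    digits and symbols (counters, years, '!'), then undo leet substitutions."""
    base = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return base.translate(LEET)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def is_weak_change(old: str, new: str, min_distance: int = 5) -> bool:
    """True when `new` is only a light modification of `old`.
    min_distance is an assumed policy threshold, not a standard value."""
    o, n = normalize(old), normalize(new)
    if not o or not n:
        # Nothing left after stripping (e.g. all digits): compare raw strings.
        return edit_distance(old, new) < min_distance
    shorter, longer = sorted((o, n), key=len)
    if len(shorter) >= 4 and shorter in longer:
        return True  # the old base word is reused inside the new password
    return edit_distance(o, n) < min_distance


# Constructed sample passwords, not taken from any real breach.
if __name__ == "__main__":
    print(is_weak_change("Summer2023!", "Summ3r2024#"))            # light edit
    print(is_weak_change("Summer2023!", "correct-horse-battery"))  # real change
```
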

Many people know that they should not plug pen drives received from strangers into their computers. Mitnick said that attacks can also be carried out using special, swapped... USB cables.

Double verification and copying of cards

Mitnick also showed that sometimes double verification will not save us from a break-in on some websites. Hackers can steal... session cookies that allow them to log in to a given site from another computer.

One of the most interesting "tricks" shown by Mitnick was copying access cards for office gates and doors. Hackers have tools that let them copy the access cards for a company's building and premises. Sometimes it is enough to stand next to another person in a public toilet in the building.

How to defend yourself?

Kevin Mitnick pointed out that the best way to educate people in companies is to carry out simulated tests. "When someone in the company clicks on such a link in the email, instead of downloading the malware, he will receive the following message: 'You made a mistake. You have to watch the instructional video'. The second mistake? He must watch the movie again. Third error? An hour of educational materials," said Mitnick. In the end, people have to learn, if only for their own protection.

He added that conducting security penetration tests is necessary in large organizations. Employees should also report suspicious emails or other activities within the company.

"'The bad guys' will always look for the weakest link in the security chain. In my opinion, most often these are people, not technology," explained Mitnick.

To view the original article and to read other great business articles, refer to the source.

Source: BUSINESS INSIDER POLSKA

Topics: Social Engineering, Speaking Engagements, Warsaw, pendrives, Poland, hacking company systems, hacking team, Inside Trends, Internet cloud, Password Management, security cards, Mitnick Security, USB cables, Kevin Mitnick, Koneser
