Last Friday, I joined Kai Axford and we went and saw Kevin Mitnick present on the Art of Deception and the danger of being conned. You can read Kai’s write-up of the event here: Mitnick and Me. Also look for Kai to get a TechNet Radio interview with Kevin. I have to tell you it was enthralling and very eye-opening. So I wanted to have a blog post and share some insight I gained from listening to Kevin speak.
Kevin spent his entire talk discussing the weakest link in the chain with regard to security in our day and age. What is that link? Us, People, our Users. The nature of social engineering makes it the greatest threat to our networks. After hearing Kevin speak I believe this even more. I also came to a conclusion that even though we call it social engineering, it really is an elaborate and well thought out con job where the attacker is trying to gain a sense of trust and confidence of his target.
So why is social engineering the greatest threat?
Kevin discussed several examples of attacks he had heard of and they were frighteningly simple. Simple calls into your help desk, receptionist, or even accounting department can turn into security nightmares for your organizations. Why is that? Kevin called it holes in the human firewall (I really like that phrase):
Let’s face it, there is no patch for human gullibility. I know the phrase is supposed to contain the word stupid, but after hearing the talk, I am convinced anyone is open to these kinds of attacks.
What are the holes?
So how can we help improve the human firewall? This really involves your whole organization and needs involvement from top management. This also involves looking at all the information inside your organization and treating it all like gold! Some bits of information may seem trivial, but you have to ask yourself: what if I combine all the pieces of “trivial” information? The answer may surprise and startle you.
What are some measures you can take to help protect your company?
If some of this information resonates with you, I recommend taking a look at some of the additional resources I have listed below.
Resources:
Kevin’s Security Consulting: http://www.kevinmitnick.com/company.php
Books:
(looks like I have some books to for the book of the month club. :-) )
This post is incredible, thank you for all of that info. I'm a really huge fan of Kevin.
yours
omar
Thanks Omar, I am glad you liked the post!
Hello Kevin,
Great posting; especially given how Infragard has grown over the years. Clearly the level of awareness of this organization as well as others is due to both the security community and hackers alike.
I'll give you a recent example that recently happened to me several months ago; I had my personal laptop stolen, luckily I had encrypted the laptop to DoD standards and had tracking software on the laptop in case of this occurring. The result: while the laptop was stolen, the important thing to consider is that none of my personal data (PII - SS#, job applications or other data) was impacted. I wish the same could be said about a lot of organization(s) today, who fail to safeguard their data "because as you said they believe 'it won't happen to me'." Say hi to Darcy for me and I hope all is well with you.
~Joe Libuszowski
I can't believe Infragard would let Mitnick speak, or anyone else for that matter.
This man happens to be a writer for the hacker magazine 2600. I'm holding the latest 2600 copy right now and his name is in it.
Him being a writer for a hacker/phreaker mag should tell people something, which is that he's playing both sides of the fence, talking "I'll help you with security" on one hand while helping hackers hack you on the other.
Pick up 2600 magazine at Barnes and Noble and you'll find his name in the back.
Any man who would help hackers on one hand while supposedly claiming to be reformed is NOT someone I'll pay attention to, thanks but no thanks.