Cyber Security Articles & News

Hacker Shows and Tells Health Care CIOs Why Security is Important

Kevin Mitnick, famous former hacker, gives thought provoking demonstration to open CHIME-HIMSS CIO Forum

Before the 2017 HIMSS Annual Conference and Exhibition kicked into high gear, the CHIME-HIMSS CIO Forum opened with a keynote address Sunday morning that reinforced just how terrifyingly easy it is to hack into seemingly sophisticated systems, using the right tools and brainpower.

Given the fact that managing the health of populations is becoming more reliant on data, protecting this growing repository of information from cyber attacks is becoming increasingly important — especially to a room full of CIO’s.

However, according to the 2016 HIMSS Cybersecurity Survey, two-thirds of respondents experienced a recent significant security incident, but admitted to only an average level of confidence in being prepared to defend against cyberattacks.

In that vein, during the keynote “The Art of Deception: How Hackers and Con Artists Manipulate You and What You Can do About it,” Kevin Mitnick carried out real-time hacking demonstrations, through the most common form of attack used today — “social engineering,” he says.

The technique involves a “con” tricking a human user into doing something, let’s say downloading a software attachment from what seems like a trusted source, then having the software feed information to the hacker to get further valuable information down the road.

The approach is relatively easy to use, cheaper and hard to trace, says Mitnick, who once earned a spot on the FBI’s most wanted list after hacking more than 40 corporations, but now serves as a security consultant to Fortune 500 companies and governments. “All it takes is one employee inside the business to screw up,” he says.

With four computers spread out over a table on stage, Mitnick breezed through more than five different data hacks. One hack, which he called his favorite, involves sending a barrage of pop-ups to a user requesting to update a simple program such as Adobe. The pop-up annoys the user into downloading the false upgrade. Mitnick’s overhead screens showed simple, but useful data flow onto his computer as the user (his other computer) installed the false upgrade.

In another demonstration Mitnick borrowed a common HID Access card, commonly used to gain access to floors in buildings, from an audience member, and used a small device to automatically hack into the card and gather all the information necessary to gain building access.

Even more terrifying, was the larger version of the device that he says can be stored in a backpack and can steal information within three feet of a similar badge. He handed both cards back to the gentleman saying, “if you lose that one, here’s a backup just in case.”

As the session was nearing an end, and I wondered if he came to Orlando just to send chills down every CIO’s spine, the man billed as "the world’s most successful hacker” offered some advice.

Protect HIPPA and proprietary data and create a more sophisticated type of system that is difficult to hack, he says. The people looking to make money fast will not target you, they will go to another company with less security.

“You can take the steps necessary to make yourself a hard-target.” 

Read this article and other great ones at the source.

Source: Hospitals & Health Networks

Topics: Social Engineering, The Art of Deception, employee security training, CHIME HIMSS CIO Forum, false upgrade, hacking, keynote speaker, malicious software updates, cyber attacks, protecting data, HID Access card, information security, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

What is a Penetration Testing Framework?

Penetration testing services are performed by cybersecurity companies to help find weaknesses in an organization's network, internal systems, and show..

Read more ›

What To Expect During Red Team Operations

Companies are producing an exponential amount of data every day and by 2025, it’s estimated that there will be about 181 zettabytes of data. As your o..

Read more ›

4 Considerations When Choosing Between Pentesting Companies

As business models continue to evolve the need for cybersecurity measures is more necessary than ever before.

Read more ›