Cyber Security Articles & News

Hacker Shows and Tells Health Care CIOs Why Security is Important

Kevin Mitnick, famous former hacker, gives thought provoking demonstration to open CHIME-HIMSS CIO Forum

Before the 2017 HIMSS Annual Conference and Exhibition kicked into high gear, the CHIME-HIMSS CIO Forum opened with a keynote address Sunday morning that reinforced just how terrifyingly easy it is to hack into seemingly sophisticated systems, using the right tools and brainpower.

Given the fact that managing the health of populations is becoming more reliant on data, protecting this growing repository of information from cyber attacks is becoming increasingly important — especially to a room full of CIO’s.

However, according to the 2016 HIMSS Cybersecurity Survey, two-thirds of respondents experienced a recent significant security incident, but admitted to only an average level of confidence in being prepared to defend against cyberattacks.

In that vein, during the keynote “The Art of Deception: How Hackers and Con Artists Manipulate You and What You Can do About it,” Kevin Mitnick carried out real-time hacking demonstrations, through the most common form of attack used today — “social engineering,” he says.

The technique involves a “con” tricking a human user into doing something, let’s say downloading a software attachment from what seems like a trusted source, then having the software feed information to the hacker to get further valuable information down the road.

The approach is relatively easy to use, cheaper and hard to trace, says Mitnick, who once earned a spot on the FBI’s most wanted list after hacking more than 40 corporations, but now serves as a security consultant to Fortune 500 companies and governments. “All it takes is one employee inside the business to screw up,” he says.

With four computers spread out over a table on stage, Mitnick breezed through more than five different data hacks. One hack, which he called his favorite, involves sending a barrage of pop-ups to a user requesting to update a simple program such as Adobe. The pop-up annoys the user into downloading the false upgrade. Mitnick’s overhead screens showed simple, but useful data flow onto his computer as the user (his other computer) installed the false upgrade.

In another demonstration Mitnick borrowed a common HID Access card, commonly used to gain access to floors in buildings, from an audience member, and used a small device to automatically hack into the card and gather all the information necessary to gain building access.

Even more terrifying, was the larger version of the device that he says can be stored in a backpack and can steal information within three feet of a similar badge. He handed both cards back to the gentleman saying, “if you lose that one, here’s a backup just in case.”

As the session was nearing an end, and I wondered if he came to Orlando just to send chills down every CIO’s spine, the man billed as "the world’s most successful hacker” offered some advice.

Protect HIPPA and proprietary data and create a more sophisticated type of system that is difficult to hack, he says. The people looking to make money fast will not target you, they will go to another company with less security.

“You can take the steps necessary to make yourself a hard-target.” 

Read this article and other great ones at the source.

Source: Hospitals & Health Networks

Topics: Social Engineering, The Art of Deception, employee security training, CHIME HIMSS CIO Forum, false upgrade, hacking, keynote speaker, malicious software updates, cyber attacks, protecting data, HID Access card, information security, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

4 Signs Your Organization Needs Red Team Penetration Testing

According to a recent poll conducted by PwC, executives believe that mandated disclosures, tests of resilience, and pressure to get data security and ..

Read more ›

2023 Cybersecurity Budget Considerations for Your Organization

With the use of multiple work platforms and applications, organizations must choose between spending on cybersecurity or being vulnerable to devastati..

Read more ›

Why Choose Mitnick Security for Your Penetration Testing Services?

Incorporating cybersecurity services as part of your organization’s security plan can help stop threat actors in their tracks. From cyber security awa..

Read more ›