Mitnick: Internet users still vulnerable to social engineering

Kevin Mitnick, the famed American hacker who has parlayed his notoriety into a successful career as a security professional, said human frailty is still the weakest link in the security chain.

Mitnick made the assertion during “The Hacker’s Code” security conference sponsored by ePLDT at The Fort Shangri-La in Taguig City last April 11. This was his first visit to the Philippines.

According to Mitnick, hacking into a system is always a possibility because there is always a human element involved. “Even in this era of AI (artificial intelligence), I don’t think systems will be free of human intervention. There will always be people involved,” Mitnick, who spent five years in prison in the US for hacking-related offenses.

For this reason, Mitnick said cyber-criminals will still prefer or use social engineering to trick security folks and break into a system. To illustrate his point, the renowned hacker demonstrated during the conference a method to crack a two-factor authentication system using social engineering tactics.

To avoid falling into similar traps, Mitnick said it is important for enterprises or even small businesses to conduct social engineering training for its employees. He also stressed the need for regular security penetration testing and monitoring as being part of a truly successful cybersecurity model.

The security event, which was co-presented with IT security provider Check Point Software Technologies, was attended by over 500 customers and partners from the Contact Center Association of the Phils (CCAP), Phil. Retailers Association (PRA), Semiconductor and Electronics Industries of the Phils (SEIPI), as well as guests from the banking and finance industry, manufacturing, healthcare, BPO and government sectors.

“Being one of the emerging economies of the region, the Philippines is also considered one of the biggest targets for cyberterrorists, cybercriminals, and nation-state sponsored hackers. In response, we at PLDT Enterprise and ePLDT have pioneered efforts in the education and empowerment of businesses. Cyber security should no longer be viewed as ‘optional’, especially in today’s constantly changing landscape,” stated SVP and head of PLDT and Smart Enterprise Groups Jovy Hernandez.

For her part, ePLDT Group’s SVP and chief operating officer Nerisse Ramos said key decision-makers in every organization should be more proactive in implementing a cyber security strategy.

“The threats we all face are evolving and becoming more advanced at an alarmingly rapid rate. It is critical that we are ready and we accept that no company or individual is 100% safe from any breach. Thus, as business leaders and protectors of your organizations, you can no longer afford to be ill-prepared in today’s world. Preparedness means being ready before, during and after an attack,” she said.

This event review and other good information can be found at source.

Source: Newsbytes

Topics: Social Engineering, The Fort Shangri-La, Philippines, security chain, Taguig City, The Hacker's Code, CCAP, ePLDT, cyber security, Phil. Retailers Association, SEIPI, weakest link, AI, BPO, Check Point Software Technologies, Contact Center Association, cyberterrorists, PRA, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Bypassing Key Card Access: Shoring Up Your Physical Security

As you build additional layers of defense into your cybersecurity framework, it's important to implement physical security strategies as well.

Read more ›

How to Prioritize Your Pentesting Report’s Remediation Recommendations

If you recently received a penetration test, you’re on the right track to improving your cybersecurity posture. However, you may be wondering what the..

Read more ›

Understanding Post-Inoculation Cybersecurity Attack Vectors

If you’ve recently improved your cybersecurity posture, you should know that the work to protect your company’s data is not over.

Read more ›