Mitnick In The News
Cybersecurity: the weakest link is you
Oct 29, 2017 - El Comercio, by Bruno Ortiz Bisso
<Translated from Spanish using Google Translate>
Social engineering is the name given to techniques that seek, by exploiting emotions, to gain our trust in order to obtain valuable information
Cybercrime, online scams, computer attacks, massive hacking. These terms -which refer to the different types of digital threats to which we are all exposed- are less and less strange to the majority of the population.
Given all the technology that exists, why do serious cybersecurity problems continue to arise? Because the weakest link in the chain is still you, the end user. The use of social engineering is key to this complex situation.
-No patches or antivirus-
Social engineering is a series of techniques based on psychological manipulation, used to get a person to share confidential information or perform some unsafe action. Thus, personal data, passwords, databases, financial information and more may end up in the hands of cybercriminals.
We must bear in mind that social engineering appeals to the nobility of the human being. Kevin Mitnick, a famous social engineer, said that "as we all like to help, our first movement is always to trust the other, we do not like to say no and we all like to be praised". That is the main vulnerability that is exploited.
"The user is considered the weakest link because he is not aware that he is exposed to risks. He believes he will never be scammed," Óscar Chávez, vice president of sales for Latin America at security firm Sophos, told El Comercio.
This situation persists because, in general, people still think that the digital or virtual environment has no relation to their daily lives. It is as if what happens on the Internet, on social networks or on the web were assumed to have no effect on "the real world".
"In a computer system you can improve the code, make a robust design or place security patches. You cannot put patches on people. You can make an attempt to educate them, but you will always have the final decision: I click or not; I accept or reject," reflects Dmitry Bestuzhev, director of the Global Research and Analysis Team of Kaspersky Lab in Latin America.
-Threats every day-
Phishing is one of the best-known social engineering methods. It consists of tricking users into giving up passwords, account numbers and other sensitive information by directing them to fake websites that closely resemble those of prestigious institutions.
For this, email is a fundamental tool. Just recall how many times you have received messages about suspended accounts at banks you do not use, or irresistible offers to buy things at very low prices. "There is nothing free, nor will there be. You must always doubt. If you have not requested information, even from a known contact, confirm its veracity," Jorge Zeballos, general manager of ESET Peru, recommended to this newspaper.
But there are other social engineering tactics that are very efficient and do not happen in a digital environment.
What would you do if, while returning to your office from lunch, you found a USB flash drive lying on the street, one with a very striking design or a very large storage capacity? And what if one is sent to you as a gift, even if it is not in a sealed package? If your first impulse is to plug that USB stick into your home or office computer to see what is on it, you have already lost. Even if the drive appears empty, it is very likely that you have infected your computer, increasing the chances that your information will be stolen.
And what about the e-mails or text messages (SMS) announcing that you have won juicy prizes in contests you never entered? Or the calls to your home, purportedly from prestigious institutions, requesting an update of customer data? Or mail with job offers you did not apply for, or with antivirus updates? Beware. All these are social engineering techniques that put your cybersecurity at risk.
The only way we can combat social engineering is with information. Part of people's digital literacy should be aimed at understanding how cybercriminals operate. Once again, education is a fundamental part.