Good Insights From The (Almost) Bad Guys

Friday August 31 2018


With more and more data stored online these days, hackers have plenty of reasons to attack company networks to modify or steal data and even hold it for ransom. Cybint Solutions, a cyber security and legal support organization, estimates that a cyber attack happens every 39 seconds. This means that companies and websites are being bombarded by malicious users. It’s easier for information security professionals to thwart these attacks when they are launched head-on from the outside. Unfortunately, more and more attacks are occurring on the inside through social engineering, which makes them harder to predict and prevent.

Social engineering is a hacking method that tricks unsuspecting users into sharing information or completing a desired action, such as clicking on a link or downloading a file, that helps the hacker gain access to a network. Social engineering is not necessarily limited to the cyber world — think of the scams where thieves call individuals to have them verify personal information or send money — but it probably is the most prevalent online because of the sheer volume of online interactions that occur each day. An individual might see a weird phone call as a red flag, but a prompt to click on a link or even enter a password can seem more commonplace. This trust gives hackers the opportunity to infiltrate a company’s network.

According to Norton, hackers use a variety of social engineering tactics to trick users, including:

- Spearphishing, which involves masquerading as a trusted source and sending an email to victims asking them to click on a link or enter some information

- Baiting, or leaving a malicious USB drive, loaded with a virus and bearing an enticing outer label, in an office to tempt someone into plugging it into a computer

- Email hacking and contact spamming, or breaking into a user’s account and spamming his or her contacts with a malicious email

Once hackers have the access they need, they can join a company’s network and launch an attack from the inside. Approximately 60 percent of attacks happen from inside a company’s network, according to IBM’s 2016 “Cyber Security Intelligence Index.” Of these, three-quarters are committed by malicious insiders while the remaining quarter is facilitated by unsuspecting users who fell for a social engineering tactic.

To protect their companies, IS professionals need to train their coworkers about cyber security and the dangers of social engineering. By teaching people to recognize the most common tactics and to speak up if they see something fishy going on, IS professionals can protect their companies from getting duped by hackers.

Taking this even further, IS professionals need to out-engineer these social engineers by understanding their motives and strategies and staying one step ahead. Cyber Security Atlanta keynote speaker Kevin Mitnick, chief executive officer of Mitnick Security and formerly one of the FBI’s Most Wanted hackers, will give attendees insight into the minds of hackers and the tricks they use to skirt security systems and gain access to a company’s network through social engineering. Mitnick is the worldwide authority on social engineering and one of the most elusive break-in artists in history because he hacked into the National Security Agency and more than 40 Fortune 500 companies and governments just for fun. Don’t miss his presentation, “How Hackers Attack and How to Fight Back: With Live Hacking Demonstrations of the Current Threats to You and Your Organization,” on Wednesday, Oct. 17 from 8:30 to 10:00 a.m. at Cyber Security Atlanta.

Cyber Security Atlanta will take place Oct. 17-18 at the Georgia World Congress Center. Ticket info can be found here