Social engineering is still one of the best ways for hackers to break into organizations, since there is no patch for human stupidity, says security expert Kevin Mitnick. Mitnick was for years the most wanted hacker in the world and was eventually sentenced to a prison term of five years for breaking into several large companies, where he applied social engineering.
During his keynote address at the CeBIT business IT conference in Sydney, Mitnick said that social engineering is particularly effective for penetrating secure networks because the existing problems are human error. "You cannot download a patch for stupidity," he noted. "Social engineering bypasses all intrusion-detection systems. There is nothing on the market that can detect it." In addition, it is free or relatively inexpensive to carry out, such as by sending e-mail.
Mitnick himself conducts penetration tests through his own business. If social engineering is used, the success rate is close to 100%. "It works on any platform, regardless of whether you're using Windows, Mac OS X or Linux. It is completely platform independent and the success rate is almost 100%." Mitnick told the audience that anti-virus software is dead and that most attacks that result from social engineering are able to bypass the virus scanner, ZDNet reports.
According to him, it is therefore people who are the weakest link in security. "Users are the problem," said the ex-hacker. He also advises companies to strengthen the "human firewall", something that can be done through repeated training. Additionally, organizations must ensure that all software on employees' computers is up to date, and incoming and outgoing traffic needs to be stringently filtered through the firewall.