Friday, November 8, 2013

The Strongest Security is Probably Just Following Your Existing Policies

The materials leaked by Edward Snowden include data that he should not have been able to get access to. So how did he get the materials? He apparently persuaded more than twenty co-workers to give him their login IDs and passwords. He told them he needed the credentials to do his job as a systems administrator. The use of so-called "social engineering" is a tried-and-true method of gaining access to off-limits resources. This is the psychological manipulation of people into performing actions or divulging confidential information.

A famous use of social engineering was by Kevin Mitnick, some think the world's most infamous hacker. His exploits as a cyber-desperado and fugitive from one of the most exhaustive FBI manhunts in history and has spawned books and movies. Since his release from federal prison, in 1998, Mitnick has turned his life around and established himself as one of the most sought-after computer security experts worldwide. He was an expert at getting people to trust him, and give him the "keys to the kingdom" so he could access all sorts of information.

A lesson all of us in the cyber security business know -- all the firewalls and encryption protocols in the world will never be enough to stop a savvy con-man intent on stealing a database or an irate ex-employee determined to crash systems. Next time the government should think of preventing these types of social engineering hacks through better-enforced security protocols, training programs, and educating the right people to address this all-to-human element of security.

No comments:

Post a Comment