Behind the scenes hackers and con artists (‘black hat hackers’) are working hard to steal companies’ confidential information. Yet, most of us are unaware of the scale or new innovative levels of deception that are being evolved by criminal hackers.
This was the message from Kevin Mitnick, once described as “the most wanted computer criminal in the United States”, the keynote speaker at the AFSA Vehicle Finance Conference in Las Vegas.
You can watch his presentation free of charge – it is the first in a series of industry insight videos from the event which White Clarke Group are making available to the industry.
Mitnick’s presentation was introduced by Steve Wozniak, co-founder of Apple, who told delegates that cyber security is now the single biggest issue faced by all institutions. Consumer and asset finance lenders are of course no exception to this.
Indeed, some 44.5% of delegates at the 20th annual American Financial Services Association (AFSA) Conference and Exposition when questioned whether they had ever been hacked answered a definite “no”. However 29% confessed they had been – and a worrying 26.5% admitted they were “not sure”.
When asked “does your organization do security penetration testing?” some 5.8% of respondents did not know what the term meant, although 63% claimed that they had undertaken such protection.
Mitnick informed delegates that ‘social engineering’ is a refined and exceedingly challenging form of criminal behavior which is impervious to these sorts of tests.
So-called ‘social engineering’ evades all intrusion detection systems that are out there in the market. It’s free, or low cost, because the bad guys are using email.
“Social engineering,” he stressed, “is a form of hacking where the bad guys use influence, deception and manipulation to convince another to comply with a request in order to compromise their computer network.”
He added: “The target is either to release information – or to pull off an action item.”
Why do attackers use social engineering?
Mitnick explains: “Because it’s much easier than doing a technical exploitation. There are tools out there that your 10-year old can download from the internet – it’s sort of ‘point-and-click hacking’. However, they will inevitably leave ‘logs’ – some sort of audit trail.”
“With social engineering that does not exist. It evades all intrusion detection systems that are out there in the market. It’s free, or low cost, because the bad guys are using email – or they’re calling one of your employees on the telephone. And guess what? – They’re calling on your company’s toll-free number. So you’re even paying for the call!”
Equally worryingly, he warns that social engineering “works on every operating system out there known to mankind. No matter if you are using OSX from Apple or Windows – it is just about 100% effective in breaching them.
In this 90 minute video Kevin Mitnick explains the scale of the threat from hackers – and some of the best methods of avoidance.
You can read more about Kevin Mitnick in the Daily Telegraph which puts him top of their top ten most famous hackers. They note that he was once described by the US Department of Justice as “the most wanted computer criminal in United States history.”
Over the next few months White Clarke Group will be providing additional presentations from the AFSA Vehicle Finance Conference. Topics to follow include: “Hiring, Training, Retaining Millennials, Diversity”, “Crossing the Generational Divide” and “Family Feud – Innovation at the Dealership”.