Social engineering cyber attacks ‘effective’
Dubai, June 5, 2013
Social engineering attacks are 99.5 per cent effective as over-reliance on technology and poor employee awareness leaves gaps in human firewalls, an expert said, adding that it is favoured by cyber criminals as it involves minimal cost and risks.
Kevin Mitnick, a renowned ex-hacker was speaking at the Gulf Information Security Expo and Conference, which is ending today (June 5) in Dubai.
Mitnick gave delegates a riveting demonstration on cyber hacking by calling international banks live on stage and demonstrating how easy it is to bypass their security safeguards and obtain sensitive information.
This was part of a discussion on Social Engineering - a form of cyber crime in which criminals exploit the psychological vulnerabilities of human users (as opposed to the technological weaknesses in the security system itself), and manipulate unsuspecting employees or consumers into revealing valuable information.
“There isn’t a single security package on the market that can fully prevent social engineering, or a single app that can be downloaded to prevent an employee’s ignorance, greed or naiveté. Social engineers exploit human nature, so companies should explore human-centric solutions such as secretly staging false attacks on their own networks, to evaluate how employees react and teach them effective counter-hacking behaviour,” said Mitnick.
“Platforms such as Gisec are vital to the region so that companies, government entities, IT professionals and experts can exchange information and discuss the latest information security developments.”
“Cloud computing is evolving quickly, to build foundations and innovate. Applying it to security could change the game, and make following security easier, as well as being more secure than enterprise computing,” said Curt Aubley, vice president and chief technology officer at global giant Lockheed Martin.
“In a world where cybercrime is prevalent, cyber security is a global team sport. Businesses need to understand what is out there, and execute solutions and practices to stay ahead of the game.”
The speakers delved into the most imminent threats facing the region, particularly in light of the fact that crucial public services like water and electricity, inter and intra-city transportation, emergency response centres and even law enforcement services are increasingly being coordinated from centralised ‘nerve centres’, which makes them a more appealing target for ‘e-collar’ criminals and cyber terrorists.
Trixee Loh, senior vice president, Dubai World Trade Centre, said: “Cyber analysts have warned that hackers are conducting online conferencing and forming syndicates to trade information and strategise on the best anti-detection measures.
“This makes it even more imperative for organisations to combine their expertise at a platform like Gisec and stay a step ahead. We are helping to accelerate the process of knowledge transfer among participating organisations, through acclaimed visionaries and top level decision makers. Additionally, we are giving delegates and exhibitors a 360 degree view of the digital landscape to examine the current and expected threats.”
At Gisec 87 companies from 18 countries have confirmed their participation. More than 2,000 visitors are expected over the course of the three-day event. The exhibitors, experts and participating companies encompass all aspects of information security - ranging from education and training, telecommunications, business hardware, software, internet and intranet services, cloud infrastructures, data management, mobile devices and advisory services, among others. – TradeArabia News Service