[caption id="" align="alignleft" width="140" caption="Kevin Mitnick Interview"][/caption] Kevin Mitnick was interviewed by Spiceworks' Nicholas Tolstoshev: "When Stu Sjouwerman from KnowB4 announced their partnership with Kevin Mitnick, famed computer hacker turned security consultant, I thought this would be a great opportunity to interview Kevin about his security work and get his insights on SMB security. I got question suggestions from the spicy peppers and spoke with Kevin by phone to get his thoughts on what is important for an SMB IT pro:
Tell us a bit about yourself and the work you are doing with Stu and Knowbe4
I used to be a hacker, but I did it for the challenge of it rather than the money. I wrote a book about it called the Art of Deception that covered a hacking technique called social engineering. This is a methodology to break into systems by fooling people into giving up passwords and sensitive information. I now work in security consulting teaching people how to defend against hackers.
Stu approached me a year ago to join forces with him and develop a product to help businesses defend themselves against social engineering. The goal was to develop a training program to educate employees on what to look for – teach them how to identify suspicious circumstances so they can know how to defend against them. We spent eight months developing our video training program. It's a holistic program to train users how to identify and respond to phishing emails, messages, IMs, Google chats, Facebook links, etc. We want to help them identify what types of red flags exist in these requests to open an attachment or click on a link.
There are three areas of security we focus on: people, processes and technology. There are a lot of good technology solutions out there, but what we found is most lacking is the people aspect. We've discovered it is really hard to distinguish the good from the bad. Hackers can make bad links and emails look quite legitimate. How do you ask good questions to ferret out the truth, and reduce the risk? The technique isn't 100% effective, but it raises the bar a significant percentage. It's important to invest some budget in the people area; this 90-second video can help you get that budget. Here is the whole interview at Spiceworks:
Tell us a bit about yourself and the work you are doing with Stu and Knowbe4
I used to be a hacker, but I did it for the challenge of it rather than the money. I wrote a book about it called the Art of Deception that covered a hacking technique called social engineering. This is a methodology to break into systems by fooling people into giving up passwords and sensitive information. I now work in security consulting teaching people how to defend against hackers.
Stu approached me a year ago to join forces with him and develop a product to help businesses defend themselves against social engineering. The goal was to develop a training program to educate employees on what to look for – teach them how to identify suspicious circumstances so they can know how to defend against them. We spent eight months developing our video training program. It's a holistic program to train users how to identify and respond to phishing emails, messages, IMs, Google chats, Facebook links, etc. We want to help them identify what types of red flags exist in these requests to open an attachment or click on a link.
There are three areas of security we focus on: people, processes and technology. There are a lot of good technology solutions out there, but what we found is most lacking is the people aspect. We've discovered it is really hard to distinguish the good from the bad. Hackers can make bad links and emails look quite legitimate. How do you ask good questions to ferret out the truth, and reduce the risk? The technique isn't 100% effective, but it raises the bar a significant percentage. It's important to invest some budget in the people area; this 90-second video can help you get that budget. Here is the whole interview at Spiceworks:
Related Pages: Kevin Mitnick