August 6th also holds special meaning as it not only marks an important awareness initiative, but also the birthday of the legendary Kevin Mitnick, the "World's Most Famous Hacker." Kevin Mitnick, born on August 6th, 1963, would have turned 61 this year. Sadly, we lost Kevin in July 2023, but his impact on the cybersecurity landscape continues to resonate.
Our evangelists shared their favorite memories about Kevin below:
- Martin Kraemer - We designate national days to events or issues of particular importance, and so it is only right to draw attention to the biggest challenge in cyber security. Social engineering and the human element continue to account for the vast majority of all data breaches. That was true some 20 years ago when I first was a high school student and first heard of Kevin Mitnick, and that is true now. It is only fitting for social engineering day to be on Kevin's birthday, seeing that we owe so much of the significance of this day to him.
- Anna Collard - I remember going to a conference in Johannesburg 15+ years ago seeing Kevin Mitnick for the first time. Kevin shared some of his famous physical social engineering adventures and his stories are still so vivid in my memory like it was yesterday. Kevin's ability to engage the audience was one of a kind and he inspired me back then to pursue the human factors in cybersecurity. I was also privileged to then meet him in person many years later when joining KnowBe4 and he was so encouraging, welcoming, kind and funny. What I learnt from Kevin is that great hackers understand how people work as much as they understand technology. And it is that intersection of psychology and cyber that keeps me fascinated about this field on a daily basis. The complexity of what it means to be human, including cognitive, behavioral, psychological and situational factors that all interplay with each other provide a large attack surface to social engineers attempting to exploit those to manipulate, influence or scam us.
- Javvad Malik - The Art of Deception written by Kevin Mitnick and published in 2003, showcased many social engineering attacks and how effective they were - and most of them still apply equally well today. This is why National Social Engineering Day serves as a crucial reminder that even with all the technology in the world, all it takes is for a criminal to convince someone to take an action, and all of the security can be undone.
- Erich Kron - Kevin was always extremely personable and easy to talk to. His sense of humor and smile were infectious. I’ll never forget hanging out after dinner with Kevin and his wife Kimberly, after a very long day at RSA, as we told stories of the old days and chatted about how the cyber and technical world has changed so much. He was a one of a kind guy and will not be forgotten. Social engineering takes many forms, from email phishing, vishing, smishing, and even in-person attacks, and continues to be a leading cause of initial network access for bad actors. I've been fortunate enough to know and talk to some incredible social engineers such as Kevin Mitnick, Alethe Denis and others, (all doing it for good, not evil) and it has really opened my eyes to how easily people can be manipulated through emotional pressure. Understanding this is why I'm so passionate about helping potential victims learn to defend themselves against social engineering. If people ignore the emotional clues of social engineering, or even worse, simply don't know to look for them, it makes it very hard for them to defend against it. While National Social Engineering Day has a focus on how it is used in nefarious ways, it's important to remember that social engineering is simply shaping behavior based on how we act as humans. It has to do with understanding reward versus punishment, or the proverbial carrot versus stick approach, and can be used for good as well as evil.
- Roger A. Grimes - "Social engineering is involved in 70% to 90% of successful data breaches. No other root cause comes even close." "Kevin Mitnick was the OG of social engineering, and he shared how it's used and how to prevent it better than anyone."
- James McQuiggan - Your email is the electronic front door to your organization, bypassing all firewalls and other security technology. At home, you won't open your doors to strangers unless you're expecting a delivery. The same applies when cybercriminals try to get you to open that email. Be politely paranoid and check to ensure you're not being socially engineered through your email. Check the links and the source to see if you're not expecting it or if it is someone you don't know.
National Social Engineering Day serves as a reminder of the human element in cybersecurity – an aspect that Kevin Mitnick understood better than most. Social engineering, the art of manipulating people into divulging sensitive information, remains one of the most potent threats today.
This National Social Engineering Day, we encourage organizations worldwide to:
- Conduct new-school security awareness training for your employees
- Share Kevin Mitnick's story and the lessons he imparted
- Test your organization's resilience with simulated phishing exercises
- Review and strengthen your security policies and procedures
Let's use this day to recommit ourselves to this vital cause and honor the legacy of a true cybersecurity pioneer.
Remember, in Kevin's own words: "People are the weakest link. They can be manipulated or influenced into unknowingly helping hackers break into their organization's computers." Let's work together to strengthen that link.
Stay safe, stay aware, and keep Kevin's spirit alive in your cybersecurity efforts!
How BreachSim works:
