
Ask the Expert: A Hacker’s Advice on Password Security

John McTigue, May 12, 2022
In case you missed it, or you just want to watch this amazing webinar again, here's Kevin Mitnick, the world's most famous hacker, educating us on how hackers breach and jeopardize our businesses and homes. You can watch it now here.

Kevin grew up during the early days of computer hacking, when pranking and breaking into businesses were usually done through phones, not the Internet. His natural talents as a budding magician and phone hacker came into play in a variety of schemes, like taking over a McDonald's drive-through ordering system. His skills naturally developed toward the Internet. After breaking into the likes of Motorola and NORAD, a judge finally slapped Kevin with a 5-year jail term. Fortunately for all of us, Kevin Mitnick turned his knowledge toward helping organizations learn their own vulnerabilities and prevent cybercrime rather than perpetrate it. Kevin is the CEO of Mitnick Security, and his global ghost team of ethical hackers maintains a 100% successful record in their ability to penetrate the security of any system they are paid to hack into, using a combination of technical exploits and social engineering. Now he's a New York Times bestselling author and cybersecurity keynote speaker. He joined us for an hour-long conversation on May 19th.

In our interview, Kevin Mitnick reviewed some of the most common ways that hackers breach company endpoints and consumer accounts, including phishing scams, the Log4J vulnerability, ransomware attacks, and, most commonly, password security issues. Login credentials are especially vulnerable because users reuse their passwords on multiple apps and devices and fail to update them regularly with new, strong passwords. Instead, they use simple, easy-to-remember phrases, such as their dog's name followed by a single number or date. Then, they update the password periodically with a new date or number. Hackers can easily discover these updates using credential stuffing and lists of stolen identities.
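The "dog's name plus a number, bumped each quarter" habit described above is exactly what a credential-stuffing list exploits: once one version of the password leaks, the stem is known and the suffix is trivial to vary. The following is an added example, not code from the webinar or from LastPass, showing how a password-change policy can refuse such rotations on the defender's side. The function names, the 12-character minimum and the `LEAKED_PASSWORDS` set are all constructed for illustration; a production check would compare hashes against a real breach corpus rather than keep plaintext passwords in memory.

```python
import re
from typing import Optional

# Constructed stand-in for a breach corpus (not real leaked data).
LEAKED_PASSWORDS = {
    "Rover1",
    "Rover2022",
    "Summer2021!",
    "password123",
}

MIN_LENGTH = 12  # assumed policy value


def stem(password: str) -> str:
    """Strip the trailing digits/date/punctuation that users typically
    change when 'updating' a password, and fold case.

    'Rover2022!' -> 'rover', 'rover3' -> 'rover', '123456' -> ''.
    """
    return re.sub(r"[\d\W_]+$", "", password).casefold()


# Stems of leaked passwords: an attacker who saw 'Summer2021!' will also
# try 'Summer2022!', 'summer2023', and so on. Empty stems are dropped so a
# purely numeric password cannot match everything.
LEAKED_STEMS = {s for s in (stem(p) for p in LEAKED_PASSWORDS) if s}


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when the new password is the old one with only the trailing
    number/date/punctuation changed, e.g. 'Rover2021' -> 'Rover2022'."""
    s_old, s_new = stem(old), stem(new)
    return bool(s_old) and s_old == s_new


def check_new_password(old: Optional[str], new: str) -> Optional[str]:
    """Return None if the new password is acceptable, otherwise a short
    reason string explaining why it was rejected."""
    if len(new) < MIN_LENGTH:
        return "too short"
    if new in LEAKED_PASSWORDS or stem(new) in LEAKED_STEMS:
        return "appears in breach corpus"
    if old is not None and is_trivial_rotation(old, new):
        return "only the trailing number/date changed"
    return None


if __name__ == "__main__":
    # Constructed change requests, with the expected verdict beside each.
    for old, new in [
        ("Fluffy2021", "Fluffy2022!!!"),          # trivial rotation
        (None, "Summer2023!!!"),                   # stem is in the breach corpus
        (None, "correct horse battery staple"),    # acceptable
    ]:
        print(f"{new!r}: {check_new_password(old, new) or 'ok'}")
```

The stem comparison is deliberately coarse: it treats any change confined to the trailing digits and punctuation as no change at all, because that is how an attacker's wordlist treats it too.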
In addition, Kevin showed us how easy it is for a hacker to discover passwords and exploit login information for an entire company once a single credential is captured. This process can lead to widespread data breaches, such as the Colonial Pipeline breach, and millions of dollars in damages. Thankfully, Kevin has plenty of sage advice for consumers and businesses to protect themselves from data breaches and financial damage. Kevin even revealed that he is a LastPass customer. We're proud to have him and his team on board! Kevin discussed the importance of password security at home, at work, and when working from home, and what steps companies should have in place, including:
  • A reputable password management application that’s easy to use, centralized, and facilitates using strong passwords, multi-factor authentication, monitoring, and reporting
  • Zero-trust architecture to prevent hackers from accessing high-level passwords
  • Advanced security measures such as YubiKey hardware security keys and Endpoint Detection and Response (EDR) software
  • Education and training for all users on the risks, vulnerabilities, and best practices for password security
  • Keeping operating systems and apps up-to-date to prevent vulnerabilities
  • Maintaining a culture of users that’s security-aware and consistently using password security hygiene
Watch the entire interview here. You’re guaranteed to learn something new from a real insider!