This Week Health

Don't forget to subscribe!

Social Engineering, what is it and what to do about it.


Today in health, it. We're going to take a look at social engineering. My name is spelled Russell. I'm a former CIO for a 16 hospital system and creator of this week health, a set of channels dedicated to keeping health it staff current. And engaged. We want to thank our show sponsors who are investing in developing the next generation of health leaders.

Gordian dynamics, Quill health towel, site nuance, Canon medical, and current health. Check them out at this week. I know my cadence is a little off today, but we'll see what happens. A story built It's called what is social engineering? You look into this fist kitted world of psychological cyber crime.

I just got off the line with Drax and we talked about this. It will be on the. , news day show a week from Monday. But, , I liked the story and I thought I would share So a social engineer. , social engineering essentially is a confidence game. It's a, it's a con artist. Coming at you and utilizing various aspects of your personality.

In order to get information from you. And to do crazy things way back in 1992, Kevin Mitnick once known as the world's most wanted hacker persuaded someone at Motorola. To give him the source code for its new flip phone. And, , you know, it's, it's again. How do you do such things? It's called social engineering.

So social engineers often see personal information such as passwords and credit card numbers. They may also have large-scale goal in mind, an example, compromising a company's cybersecurity measures to gain access to confidential customer records. In 2021, a record number of cyber crime complaints, largely a product of this kind of online scamming complaints led to nearly $7 billion in losses and plenty of prominent players.

Have been snuckered. Wow. They actually use that in a sentence. Amazing. Including the associated press, target, Sony pictures, Yahoo, the democratic national convention, and even the U S department of justice. So. , it almost doesn't matter what size you are. You can get exploited. So what are they exploiting?

And I like this list. So they have social engineers, exploit, kindness, social engineers, manipulate. , manipulates respect for authority. Social engineering takes advantage of human nature. Social engineering requires confidence in social engineering, capitalizes on online sharing. Let me give you a little piece of each one of these things. They go into some detail. I'm just going to give you a little.

, Let's see, that's a story. Let's start with exploit's kindness. So. Sal live free. Who spent 20 years in New York city cop before founding his company, protective countermeasures says our innate tendency to be of assistance to others is especially exploitable. That's certainly true in the blo example of something called vishing voice solicitation, the expert demonstrator easily dupes her mark.

By pretending she is frazzled. A frazzled mother holding a crying baby while impersonating a man's wife. The woman is able to convince the phone service rep to give her information about the account. All right. And then they have a video here to show it to you. It's pretty interesting. , social engineering, manipulates, respect for authority while some of these attacks employ demands whereby the target is strong, armed into capitulating and authority tack.

Can be trickier to pull off Trayv Harman, founder and CEO of Triton technologies says that. Has a lot to do with upbringing. If you were taught that people in authority, authoritative positions. We're perceived. Ones. Even perceived ones. Are to be trusted all of a sudden, an email from an admin at Microsoft that says we found a virus on your computer seems credible.

, it takes advantage of human nature. , this is probably pretty obvious. I mean, you and nature is you want to help somebody and they will take advantage of that. , requires confidence. Lots of social engineering plays, , out entirely online where perpetrators can hide behind their screens and keyboards and wear things like tone of voice. Facial expressions and body language are immaterial. When a scam requires more personal elements, such as phone calls or in person

Those facets become much more significant confidence. Therefore is , it surely wasn't 2007 when a man absconded with 28 million in loose diamonds from five safe deposit boxes at the, at a Belgian bank passing himself off as a businessman named Carlos Hector. Flaman bomb.

Well, there you go. He'd been a regular customer for at least a year prior ingratiating himself with the employees. Through charm and chocolates. Flaman bomb. Became so trusted and beloved, in fact that he was granted. A coveted vault key. That allowed him access during off hours. There you go. , and capitalizes on online sharing.

You know, we, we have lots of ways to do that. They, , give some social engineering examples. The baiting meeting involves Loring potential targets. By offering them some sort of reward. Diversion theft, diversion theft occurs when targets are conned into rerouting A destination of goods or confidential information honeytrap and a honeytrap scenario, attackers seduce their targets into giving up personal information or compromising sensitive work.

A quid pro quo. Schemes and tastes targets with the promise of goods and services in exchange for information fishing. We all know what fishing is. Pretexting when using pretexting scammers will lie about who they are or create a fictional scenario to extract sensitive personal information. , rogue attacks, trick targets into buying fake and malicious security software that deploys ransomware.

That's that's harsh. Spear fishing. We know what that is. Artificial intelligence defects The fakes are AI generated video. Or audio that can be used to mimic politicians and celebrities, or even the average person's colleagues, friends, or family so far, legally unregulated deep fakes will soon be easier to make.

Then they already are tougher to spot and widely disseminated. So at some point you might see a deep fake of me saying something silly, just no. It's not me. Or you can just send me an email and I'll tell you whether it was me or not. How can you protect yourself from social engineering? There's no single solution, but there are ways.

To more consistently mitigate the effects of social engineering in many forms. Armor's tech is to remove the weak link, meaning humans. Wow. This company says it's true, but it's just a wow factor. , his company, he says uses physical fail safes. That include multi-factor authentication. That makes sense.

One more element. , elemental level Harman's directive. Is this change your mentality. Learn not to trust. Whether it's a critical email from seemingly familiar source. A call from the IRS threatening and punishment for nonpayment or back taxes or audio video of a public figure. You're saying something that doesn't really jive.

With past statements, various companies offer fee-based antisocial engineering training online. One of the most prominent, no. Before goes beyond warnings and words to feature unlimited. Simulated social engineering attacks through email, phone and text. Interesting. , we do that. We do that online, but, , or we do that within our health systems, but now you can do

Personally, anyway, social engineering, social engineering is still a significant source of a majority of attacks. , you know, usually I do a, so what on these things, but this one is just more educational is it was interesting to talk to directs about it. , I think the, so what is going to be that these attacks are sophisticated? Are they are.

Fairly sophisticated. Now they're going to get more sophisticated as we move forward and we are going to have to keep upping our game. Keep learning, keep training our end users. And our hospital systems to know these fakes. And then we're going to have to protect them and just expect a certain amount of them to fall prey to those attacks.

And be able to protect them when that does happen. So that's my, so what on that? And that's all for today. If you know someone that might benefit from our channel, please forward them They can subscribe on our website this week, or wherever you listen to podcasts, apple, Google, overcast, Spotify, Stitcher.

Thank You to Our Show Sponsors

Our Shows

Solution Showcase This Week Health
Keynote - This Week Health2 Minute Drill Drex DeFord This Week Health
Newsday - This Week HealthToday in Health IT - This Week Health

Related Content

1 2 3 251
Transform Healthcare - One Connection at a Time

© Copyright 2023 Health Lyrics All rights reserved