Big companies need to train staff about security

The world’s largest hacking convention in Las Vegas has been blaming the fact that big corporations are easy to crack because workers are poorly trained in security.

According to Reuters, hackers taking part in the Defcon competitions over the weekend found it ridiculously easy in some cases to trick employees at some of the largest US companies to reveal information that can be used in planning cyber attacks against them.

Employees were fooled into using their corporate computers to browse websites the hackers suggested.

One contestant pretended to work for a company’s IT department and persuaded an employee to give him information on the configuration of her PC, data that could help a hacker decide what type of malware would work best.

Oracle was the worst offender with its staff really keen to help hackers load malware into their systems. More data was handed over by Oracle staff than any other company.

Ironically, Oracle got its start more than 30 years ago by selling secure databases to the Central Intelligence Agency.

Other outfits which gave away too much included Apple, AT&T, ConAgra Foods, Deltair Lines, Symantec,United Continental, United Airlines and Verizon Communications.

It is the second time that Defcon has held a “social engineering” contest.

Contestants had to get specific information from their targets, including how the outfit backs up and secures its data, wireless network use, and the names of companies that provide on-site security, toner and copier paper.