Black Hat USA celebrated passing the legal age for gambling with a record breaking 17,000 cyber security professionals embarking on Las Vegas for the 21st edition of the event – cementing its role as the ace in the pack of global security events.
Unveiling the latest research, developments and trends in the industry, the event provides a red-hot barometer for the need for security, and this year was no different. Speakers and exhibitors tackled some of the biggest topics affecting businesses today, ranging from hacking voice authentication and remote-controlling airplane hijacking to hacking emergency sirens and protecting self-driving cars.
Given the enormity of what was on show it’s tough to capture the entirety of the event, but here are some key observations and takeaways, as well as the highlights from Black Hat's annual survey, which was revealed ahead of the conference.
What are InfoSec professionals thinking?
Black Hat’s annual survey provided a rough idea of what respondents (largely InfoSec professionals at large US companies) are thinking and perceiving. Here are the highlights:
Politics are making cyber security more complex: Hackers are continually innovating in an attempt to ensure they get the upper hand on businesses. Jeff Moss, the founder and director of Black Hat, said he feels like the cyber security industry is now at a tipping point, and needs to prove “We're as good as we say we are.” He also discussed the nature of the technology being developed, which is mainly offensive, and how cyber defense is being increasingly influenced by politics, such as the General Data Protection Regulation (GDPR) and the potential implementation of similar laws in California.
AI technology is the future: AI in cyber security remains in its early stages. However, those organizations who are using AI effectively are getting a lot of value from the technology. At an AI and ML panel during the show, three recommendations were made for using AI. Firstly, start slow. Secondly, start now. Thirdly, ignore the industry hyperbole. As our platform utilizes the power of AI technology, we couldn’t agree more!
Hacking made easy: There was plenty of opportunity to see just how easy it is for cyber criminals to exploit various vulnerabilities. Voice authentication, in particular, was quickly proved extremely vulnerable as John Seymour and Azeem Aqil, security experts from Salesforce, broke into an account using a synthesized voice. Scarily, they managed to do the ‘hack’ with just 10 minutes of audio.
Voting machines was another hot topic, in the aftermath of reputable elections proving extremely difficult. In 2017, Carsten Schuermann, an Associate Profesor at IT University of Copenhagen, successfully hacked a WinVote electronic voting machine at DefCon. He followed this up at Black Hat by showing that while hacking voting machines is simple, actually confirming a hack has taken place is extremely difficult. Perhaps a return to paper ballots is due, if only to reinforce democracy??
The attack surface is spreading: Despite new tools and innovations being added, such as AI and automation, the attack surface continues to expand, driven by the abundance of new apps, connected devices and infrastructure. Black Hat exposed some pretty stark, frankly scary revelations, including hacks of aircrafts, connected IoT devices and more, which highlight the manifold risks we now face in all areas of our lives.
Overall, it was great to see so many cyber security professionals and visitors attending Black Hat, and with global cyber threats continuing to grab the headlines it seems the industry will continue to prosper. With record crowds and growing attack threats it is clear there is still a lot of work ahead, but as new technologies such as AI and ML continue to evolve and mature there’s plenty of hope for those of us providing the defense against the dark arts.
About Steve Abbott
Steve is CEO of DocAuthority. He is a security industry veteran with a proven track record for driving companies to revenue growth and market leadership. A strategist focused on product, service and promotions, Steve assists in establishing pricing structure, competitive landscape, analysing portfolio mix, developing new services, product strategy and road-map to help DocAuthority bring new products to the marketplace. Get in touch with Steve on LinkedIn.
by Alan Weintraub January 2019
by Mike Quinn December 2018