Steve Abbott

August 2018

Insider

What we saw at Black Hat USA 2018

Black Hat USA celebrated passing the legal age for gambling with a record-breaking 17,000 cyber security professionals descending on Las Vegas for the 21st edition of the event – cementing its role as the ace in the pack of global security events.

Unveiling the latest research, developments and trends in the industry, the event provides a red-hot barometer for the need for security, and this year was no different. Speakers and exhibitors tackled some of the biggest topics affecting businesses today, ranging from hacking voice authentication and remotely hijacking airplanes to hacking emergency sirens and protecting self-driving cars.

Given the enormity of what was on show it’s tough to capture the entirety of the event, but here are some key observations and takeaways, as well as the highlights from Black Hat's annual survey, which was revealed ahead of the conference.

What are InfoSec professionals thinking?

Black Hat’s annual survey provided a rough idea of what respondents (largely InfoSec professionals at large US companies) are thinking and perceiving. Here are the highlights:

  • Nearly six in 10 respondents (59%) believe they will need to respond to a major security breach in their own organization in the coming year; most do not believe they have the staffing or budget to defend adequately against current and emerging threats.
  • When asked which activities consume the greatest amount of time during an average day, respondents named ‘the effort to keep my organization in compliance with industry and regulatory security guidelines’ and ‘the effort to accurately measure my organization's security posture and/or risk’. Both of these items rank higher than they did among last year's respondents, with the number of responses about compliance increasing by 5% from 2017.

  • Respondents have different views on the likelihood of data breaches than they did last year: the number who are certain their organization will have a breach in the next twelve months has dropped, but the number of respondents who believe it is ‘highly likely’ has increased. An ambitious 11% believe a breach at their organization is ‘highly unlikely’.

  • The three greatest concerns for this audience are ‘sophisticated attacks targeted directly at the organization’, phishing or social engineering attacks, and accidental data leaks from end users who fail to follow policies.

  • One new concern this year that wasn't present last year: ‘the potential compromise of cloud services providers that my organization relies on’, which speaks to the increasing level of concern and visibility over third-party compromises.

  • The technology respondents trust most to secure their data is encryption, and the two technologies they trust the least to secure their data are data loss prevention tools and passwords.

Key observations and takeaways

Politics are making cyber security more complex: Hackers are continually innovating in an attempt to ensure they get the upper hand on businesses. Jeff Moss, the founder and director of Black Hat, said he feels like the cyber security industry is now at a tipping point, and needs to prove “We're as good as we say we are.” He also discussed the nature of the technology being developed, which is mainly offensive, and how cyber defense is being increasingly influenced by politics, such as the General Data Protection Regulation (GDPR) and the potential implementation of similar laws in California.

AI technology is the future: AI in cyber security remains in its early stages. However, those organizations that are using AI effectively are getting a lot of value from the technology. At an AI and ML panel during the show, three recommendations were made for using AI. Firstly, start slow. Secondly, start now. Thirdly, ignore the industry hyperbole. As our platform utilizes the power of AI technology, we couldn’t agree more!

Hacking made easy: There was plenty of opportunity to see just how easy it is for cyber criminals to exploit various vulnerabilities. Voice authentication, in particular, was quickly shown to be extremely vulnerable as John Seymour and Azeem Aqil, security experts from Salesforce, broke into an account using a synthesized voice. Scarily, they managed to do the ‘hack’ with just 10 minutes of audio.

Voting machines were another hot topic, in the aftermath of reputable elections proving extremely difficult. In 2017, Carsten Schuermann, an Associate Professor at IT University of Copenhagen, successfully hacked a WinVote electronic voting machine at DefCon. He followed this up at Black Hat by showing that while hacking voting machines is simple, actually confirming a hack has taken place is extremely difficult. Perhaps a return to paper ballots is due, if only to reinforce democracy?

The attack surface is spreading: Despite new tools and innovations being added, such as AI and automation, the attack surface continues to expand, driven by the abundance of new apps, connected devices and infrastructure. Black Hat exposed some pretty stark, frankly scary revelations, including hacks of aircraft, connected IoT devices and more, which highlight the manifold risks we now face in all areas of our lives.

Conclusion

Overall, it was great to see so many cyber security professionals and visitors attending Black Hat, and with global cyber threats continuing to grab the headlines it seems the industry will continue to prosper. With record crowds and growing attack threats it is clear there is still a lot of work ahead, but as new technologies such as AI and ML continue to evolve and mature there’s plenty of hope for those of us providing the defense against the dark arts.

About Steve Abbott

Steve is CEO of DocAuthority. He is a security industry veteran with a proven track record for driving companies to revenue growth and market leadership. A strategist focused on product, service and promotions, Steve assists in establishing pricing structure, competitive landscape, analysing portfolio mix, developing new services, product strategy and road-map to help DocAuthority bring new products to the marketplace. Get in touch with Steve on LinkedIn.
