Black Hat USA turned 21 this year. Since the conference was founded in 1997, cybersecurity threats have evolved—and that’s putting it lightly, considering the first self-encrypting Windows virus was discovered in 1997. Today’s security professionals face much more frightening threats.
Black Hat 2018 was host to 19,000 security pros, 300 speakers, 120 briefings, 80 technical trainings, and 19 hacker parties. There’s so much activity it’s impossible to capture all the cybersecurity education and sleep.
It’s also nearly impossible to sum it all up, but I gave it my best shot. From all the briefings, events, and conversations I enjoyed, I left with five major takeaways on the state of security.
1. Unprotected endpoints are today’s biggest cybersecurity threats
When asked if they think they’ll have to handle a security breach incident in the next 12 months, 69 percent of respondents to Black Hat’s survey said it’s somewhat or very likely. This year, the most-discussed cybersecurity threat was endpoint and IoT vulnerabilities, with plenty of demonstrations of how insecure endpoints can be exploited:
- Researchers showed how smart speakers could be invisibly hacked and turned into listening devices to spy on customers.
- European researchers successfully used radio frequency to crack the data encryption on a mobile endpoint in close proximity.
- Smart medical device hacks were rampant, including demo attacks on pacemakers, insulin pumps, and monitoring devices.
- Researchers found that hackers could sow chaos by compromising smart city gear.
- The satellite communication system that guides ships, airplanes, and military units were shown to have some critical flaws.
The endpoint focus at Black Hat 2018 reflects a greater trend in the industry. Smart, connected devices, like printers, can be among the biggest vulnerabilities on a company network if overlooked. “CISOs are very focused on how to secure what they have,” said HP Head of Security Practice Michael Howard.
2. Engineered security is the new standard
Too many stand-alone solutions and a lack of visibility is the third biggest reason enterprise security fails, according to respondents in the Black Hat survey. Thirty-six percent of CISOs say they spend most of their day trying to accurately measure security and risk. They’re sick of it, and they’re asking for more from their vendors.
“Security baked into technology rather than bolted on should be the standard,” said Venture Capitalist and conference attendee Kelley Mak. “We consistently hear from CISOs . . . that their environment is complex enough. Let’s make security easier to accomplish with the tools that people are already invested in.”
“CISOs are desperate for solutions to secure existing endpoints and vendor-neutral advice on basic best practices,” confirmed Howard. They’re beginning to demand endpoints engineered for security and can self-heal from attack, like HP printers, which come equipped with device security features right out of the box.
3. Security is ready to bite back
I attended the first-ever research briefing on IoT malware. While the threats are serious, clustering analysis revealed that malware infections can be prevented at least 90 days before infection with the appropriate knowledge and best practices. Then, in Michael Howard’s briefing, he challenged organizations to ensure all network devices are cyber resilient.
There was palpable energy during the parties, briefings, and cybersecurity education activities. Security pros know they’re being tested, but they’re prepared. The vast majority of threats can be prevented with best practices and smarter endpoints.
In other words, the security community is ready to bite back:
4. Analytics is rising to new heights
It was evident at Black Hat that analytics and big data are playing an increased role in fighting cybersecurity threats. Data analysis is a lifeline for many organizations. The average security operations center can respond to over 100,000 events each day, most of them false. The leading vendors are integrating analytics into devices to reduce alert fatigue and simplify security.
5. All-encompassing dashboards will replace temporary fixes
In the opening keynote to Black Hat 2018, Google’s Head of Engineering Parisa Tabriz gave over 10,000 spectators a relatively simple call to arms. “I think we all need to do a better job of understanding and tackling the root causes of bad security,” said Tabriz. “We can’t be satisfied with only isolated fixes.”
CISOs are up against a lot of different threats. Black Hat 2018 attendees named the top five weakest links in IT security as:
- Insider error
- Lack of a comprehensive strategy
- An overabundance of security data
- Unsecured products and endpoints
- Cloud risks
There’s no way you can tackle all these priorities at once, so it’s time for CISOs to understand and prioritize their risks. Instead of temporary bandages, it’s time for dashboards, network assessments, and analytics to understand the sources of security threats.
Black Hat 2018 was host to flashy cybersecurity demos, but I learned the industry is ready to focus on the basics and bite back. Security professionals are overwhelmed, but they’re ready to prioritize risks with engineered security, analytics, and strong frameworks.
Looking for more security insights from this year’s Black Hat conference? Check out “Black Hat 2018: Michael Howard talks IoT technology risks,” “Black Hat 2018: I partied with The Fixer and 17,000 hackers,” and “Black Hat 2018: 6 cybersecurity secrets straight from the experts.”