Introduction
Along with the RSA Conference, Black Hat USA is one of the two largest global cyber conferences of the calendar year. Black Hat USA 2024 was no exception in terms of event size, attendance volume, the high number of cyber vendors and the diversity of topics.
Last week Command Zero was in Las Vegas, NV to meet our customers and partners and to keep up to date with the latest in cyber. The conference and the interactions we had during the event provided valuable insights into the current state of our industry and the challenges we face. Here are our key takeaways and observations from this event:
Black Hat USA 2024 recap: Key takeaways and observations
1. The CrowdStrike incident: Lessons learned for the industry
The recent CrowdStrike incident was undoubtedly one of the most discussed topics at Black Hat this year. While there was a palpable sense of understanding and empathy towards CrowdStrike, there was also frustration directed at vendors who opportunistically tried to capitalize on the situation.
Despite the mistakes leading to the incident, CrowdStrike did an excellent job handling the situation, communicating with customers/partners, and taking ownership (even accepting the Pwnie award for most epic fail). Post incident, CrowdStrike remains a formidable player in their segment. This event reminded us of how connected our world is, and how much responsibility we all carry towards maintaining our digital lives. The role of SaaS vendors and cyber vendors is especially critical in delivering everyday services that billions of people rely on.
One of the impacts of this incident will be heightened hesitance about patching critical systems. Patching was already an imperfect process for most organizations. The loss of confidence caused by this incident will affect how it is perceived moving forward.
Unsurprisingly, the incident has sparked a renewed focus on resilience across the industry. There's much room for improvement, but we must also acknowledge that outages like this can and will happen. The key is to limit their impact and swiftly cycle to resilience.
The disruption caused by this incident also brought up conversations around platformization, and the subsequent reliance on single vendors. I firmly believe that the benefits of platforms still outweigh the risks. Both commercial and operational advantages to organizations are significant, and risks can be mitigated through improved architecture, better testing, and phased rollouts. Moving forward, customers aren't likely to move away from platforms due to business continuity risks, but they will demand higher standards and implement more stringent controls.
This incident also highlighted the importance of cyber insurance. We’re all familiar with invoking cyber insurance during a breach, but this incident reminded us that there’s more to these policies than direct cyber impact. Most of these policies cover business disruptions caused by IT systems, not limited to direct impacts of breaches. These policies remain a viable method to manage digital business risk. I advise reviewing policy limitations and making full use of this protection.
2. AI in cyber: Moving beyond the hype
With an estimated $27 billion spent on GenAI-related investments by 2027 (Source: IDC), we're finally moving past the peak of inflated expectations for AI in cybersecurity. The consensus is clear: chatbots alone won't solve our cybersecurity challenges. Customers are now seeking thoughtful AI implementations that address complex problems, and vendors who positioned AI as a silver bullet are facing a reality check.
While AI's role in cybersecurity is still being defined, the adoption of AI in non-cyber departments is imminent, perhaps growing even faster. A number of CISOs have put securing organizational AI use on their plans for 2024.
3. Election security: A growing concern
With the upcoming 2024 US presidential elections, the risks posed by hacktivism and nation-state actors were a significant talking point at Black Hat. Major concerns for election security are direct attacks on political parties and election systems, along with foreign social media campaigns to influence voters and the overall integrity of elections. The recent news about election campaign breaches, such as the one affecting the Trump campaign or Google’s advisory about ramped-up phishing campaigns targeting election campaigns, only underscores this urgency. The headlines from this week were likely the first of many between now and November.
4. The privacy vs. security dilemma
The world is getting more aware and demanding about privacy of data. We're seeing increasingly stringent privacy requirements for both employees and customers. These are great improvements for protecting these data from organizations. Yet, these restrictions are making security operations more challenging. While we block employee access to these data or stop collecting these data to raise the bar in privacy, we are sacrificing security capabilities that help protect these data, and data owners (individuals in this context) in the first place. As a result, we are likely increasing the overall risk levels for these data and individuals being exposed to attackers.
This raises an interesting dilemma: how can we ensure complete privacy if we can't deliver high standards of cyber security? Privacy of individuals and security of organizations and individuals go hand in hand when it comes to the overall community being resilient. This is a delicate problem that our industry must address.
5. Increasing personal burden and legal risks for CISOs and cyber teams
In recent years, the levels of accountability and responsibility for cyber teams have increased significantly. CISOs and cyber teams are finding themselves burdened by more legal and regulatory issues than before.
Recent cases, like that of SolarWinds' Tim Brown (Source: SEC), have showcased the individual regulatory and criminal liability that senior security leaders may face for alleged corporate reporting failures.
In an adjacent requirement, the SEC's cybersecurity disclosure requirements mandate necessary reporting in case of a breach. Yet, these requirements lack specific guidelines, creating more ambiguity for security leaders. This first step towards cyber disclosures presents an opportunity for CISOs to build their own best practices for improved transparency.
Regulatory requirement or not, we need better ways to investigate cases and handle incidents. This is precisely what we're focusing on at Command Zero. Our platform is the first autonomous and user-led solution designed to augment all analysts, addressing these pressing needs in incident response and investigation.
Conclusion
In conclusion, Black Hat USA 2024 provided a clear picture of where we stand as an industry and where we need to go. As we navigate these challenges, collaboration, innovation, and a renewed focus on resilience will be key to our collective success.