Dark Reading is part of the Informa Tech Division of Informa PLC



7/30/2020
12:00 PM
Dan Lowden
Commentary

Black Hat Virtually: An Important Time to Come Together as a Community

The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.

It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat. Everything is online this year, from the show floor to the breakout sessions to the prospect meetings we're all still scrambling to schedule.

The big challenge for the cybersecurity community this time around is creating the same engagement and enthusiasm for the event that we have when we can all be in the same convention halls, suites, dinner venues, and late-night events at Mandalay Bay. The importance of the event hasn't changed a whit; this is one of the community's best opportunities to come together, share what we've learned in the past months, and plan for how we'll protect each other and the public for the remainder of this pandemic and beyond.

COVID's emergence posed an obvious, real, and ongoing health crisis, but the subsequent efforts to keep businesses up and running with a remote workforce posed a different crisis. The attack surface surrounding the remote worker — especially for businesses that hadn't had robust remote work tooling in place to begin with — is significant. Many businesses had to prioritize new IT and security projects to accommodate new solutions to handle a remote workforce, according to a new report from McKinsey. WIRED wrote of the technical shortcomings schools faced before COVID arrived, which were exacerbated by the abrupt shift to online learning. And for enterprises that had not moved to a fully digital world, the rush to do so — which was an impressive accomplishment, to be sure — opened security gaps that need to be addressed now. At Black Hat virtual, we need to ensure we collaborate to stay protected, as bad actors always follow the money. For instance, DHS and the Cybersecurity and Infrastructure Security Agency published an alert on how threat actors are taking advantage of COVID to put a new face on familiar, classic attack vectors.

What concerns me the most about the moment we're in right now is that the bad actors are getting more sophisticated by the day. The simple attacks don't work as often anymore. I've seen this script numerous times in the course of my career when I look at the work our research teams publish. What worked six months ago may not work now. The only way we can fight back against a more sophisticated opponent is through knowledge-sharing and collective protection, both formal and informal. I'm grateful that the Black Hat community is there to swap war stories of how we've succeeded — and failed — against adversaries. Those conversations, even digitally, will make the difference. Cybersecurity is a team sport.

The conversations that the cybersecurity community will have at this year's Black Hat (and at the subsequent DEF CON) will be instrumental in shaping how we all respond going forward as the world has changed. It's our responsibility, as a security community, to take this digital conference just as seriously as we would take an in-person one. We need to collaborate with the practitioners, decision-makers, and yes, even vendors to work together collectively against attackers.

Looking on the bright side, a digital event will make life infinitely easier for attendees and vendors in a lot of ways. Attendees will be able to participate in virtual one-on-one meetings as well as visit more panels and breakouts than they might have at a traditional physical event, as will vendors. Not to mention, of course, the airfare and hotels. I myself am planning to spend much of my time in virtual meetings with our technical teams and customers, and in our virtual booth, because the conversations you have there are often the most authentic ones in the whole event.

What I will miss the most is directly engaging face-to-face with customers who have become friends, catching up with fellow security leaders, and discovering new ways we can all help the security ecosystem get stronger. I have been impressed by Black Hat's efforts to try to replicate this virtually, as I can't imagine how difficult it is to pull this off in a matter of months, but I'm fully expecting this year's virtual event to be as consequential as any other.

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Dan has more than 20 years of executive-level experience in the technology and cybersecurity markets. He is the CMO at White Ops and has previously worked for large enterprise cybersecurity companies Digital Shadows, Invincea (acquired by Sophos), and vArmour, successfully ...
 
