Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/30/2020
12:00 PM
Dan Lowden
Dan Lowden
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Black Hat Virtually: An Important Time to Come Together as a Community

The significance of this year's event hasn't changed a whit. It's an opportunity to share what we've learned, and plan how to protect each other and the public for the remainder of the pandemic and beyond.

It's an odd dichotomy for cybersecurity leaders and vendors this summer: Many of us are gearing up for Black Hat USA 2020, long one of the most influential conferences in the industry. But none of us are booking plane tickets, setting aside (just a little bit of) cash for the blackjack tables, or booking dinner meetings at whichever steakhouse doesn't require going out into the Las Vegas heat. Everything is online this year, from the show floor to the breakout sessions to the prospect meetings we're all still scrambling to schedule.

The big challenge for the cybersecurity community this time around is creating the same engagement and enthusiasm for the event that we have when we can all be in the same convention halls, suites, dinner venues, and late-night events at Mandalay Bay. The importance of the event hasn't changed a whit; this is one of the community's best opportunities to come together, share what we've learned in the past months, and plan for how we'll protect each other and the public for the remainder of this pandemic and beyond.

COVID's emergence posed an obvious, real, and ongoing health crisis, but the subsequent efforts to keep businesses up and running with a remote workforce posed a different crisis. The attack surface surrounding the remote worker — especially for businesses that hadn't had robust remote work toolings in place to begin with — is significant. Many businesses had to prioritize new IT and security projects to accommodate new solutions to handle a remote workforce, according to a new report from McKinsey. WIRED wrote of the technical shortcomings schools faced before COVID arrived, which were exacerbated by the abrupt shift to online learning. And for enterprises that had not moved to a fully digital world, the rush to do so — which was an impressive accomplishment, to be sure — opened security gaps that need to be addressed now. At Black Hat virtual, we need to ensure we collaborate to stay protected as bad actors always follow the money. For instance, DHS and the Cybersecurity and Infrastructure Security Agency published an alert on how threat actors are taking advantage of COVID to put a new face on familiar, classic attack vectors.

What concerns me the most about the moment we're in right now is that the bad actors are getting more sophisticated by the day. The simple attacks don't work as often anymore. I've seen this script numerous times in the course of my career when I look at the work our research teams publish. What worked six months ago may not work now. The only way we can fight back against a more sophisticated opponent is through knowledge-sharing and collective protection, both formal and informal. I'm grateful that the Black Hat community is there to swap war stories of how we've succeeded — and failed — against adversaries. Those conversations, even digitally, will make the difference. Cybersecurity is a team sport.

The conversations that the cybersecurity community will have at this year's Black Hat (and at the subsequent DEF CON) will be instrumental in shaping how we all respond going forward as the world has changed. It's our responsibility, as a security community, to take this digital conference just as seriously as we would take an in-person one. We need to collaborate with the practitioners, decision-makers, and yes, even vendors to work together collectively against attackers.

Looking on the bright side, a digital event will make life infinitely easier for attendees and vendors in a lot of ways. Attendees will be able to participate in virtual one-on-one meetings as well as visit more panels and breakouts than they might have at a traditional physical event, as will vendors. Not to mention, of course, the airfare and hotels. I myself am planning to spend much of my time in virtual meetings with our technical teams and customers, and in our virtual booth, because the conversations you have there are often the most authentic ones in the whole event.

What I will miss the most is directly engaging face-to-face with customers who have become friends, catching up with fellow security leaders, and discovering new ways we can all help the security ecosystem get stronger. I have been impressed by Black Hat's efforts to try to replicate this virtually, as I can't imagine how difficult it is to pull this off in a matter of months, but I'm fully expecting this year's virtual event to be as consequential as any other.

Related Content:

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Dan has more than 20 years of executive-level experience in the technology and cybersecurity markets. He is the CMO at White Ops and has previously worked for large enterprise cybersecurity companies Digital Shadows, Invincea (acquired by Sophos), and vArmour, successfully ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12777
PUBLISHED: 2020-08-10
A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information.
CVE-2020-12778
PUBLISHED: 2020-08-10
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12779
PUBLISHED: 2020-08-10
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12780
PUBLISHED: 2020-08-10
A security misconfiguration exists in Combodo iTop, which can expose sensitive information.
CVE-2020-12781
PUBLISHED: 2020-08-10
Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery.