Reflections on Black Hat 2024: What We Learned and What’s Next (Part 1)

By Neal Humphrey, VP, Market Strategy


This is one of those blogs that I really enjoy writing. It’s based on a little experience, a little education, a little analysis, and a little advice. Like a nice little batch of gumbo: when it’s good, you just put everything in it.

So, beyond gratitude for air conditioning and hand sanitizer, what should we, as an industry, take away from the last few weeks?

Here’s a breakdown of the key takeaways:

  1. CrowdStrike and Microsoft
  2. AI (Artificial Intelligence)
  3. Rising Data Security Concerns

Note: After putting pen to paper, I realized I had a bit more to discuss. To make this more digestible, I am going to break this collection of thoughts into two parts. The first part focuses on CrowdStrike and Microsoft and what I believe the market should take away from the issues that were experienced. The second post, coming next week, will review some of the technical claims and goals I saw at the conference compared to RSA.

CrowdStrike & Microsoft: Lessons in Cyber Resilience

In my opinion, the dominant conversation across the floor was focused on a couple of security vendors. Whether it was an Azure availability issue or the omnipresent CrowdStrike channel file 291, there were plenty of discussions on recovery and, ultimately, the importance of cyber resilience across the industry. 

SC Magazine called it out thusly when talking about having more business leaders working with their security leaders in the meeting suites and walking the show floor:

“Security executives are increasingly aware that effective cybersecurity requires collaboration across departments. By fostering a culture of shared responsibility, organizations can ensure that security measures are integrated into every aspect of their operations. This holistic approach enhances security and also improves overall organizational resilience.”

Similarly, CSO Magazine calls out two different Black Hat speakers on the same track:

“The emphasis on resilience was echoed by experts like Hans de Vries, COO of the European Union Agency for Cybersecurity, who, during the opening keynote roundtable, warned delegates that the industry needs to be prepared for more supply chain attacks, which, like the CrowdStrike validation failure, put CISO’s resiliency plans to the test.”

“Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, said the incident emphasizes the importance of security vendors developing a secure-by-design approach. Organizations need to bolster their cyber resilience, Easterly said, according to SC Media, adding that adversarial nations such as China or North Korea would likely exploit any weaknesses.” 

The Inflection Point: Cyber Resilience as a Cyber Outcome

I believe we have hit an inflection point in cybersecurity, where we can no longer just point at the next actor, adversary, or nebulous “bad” human out there who is specifically looking to do me, or my company, harm.

  • Do these people and organizations exist? Absolutely. 
  • Are they actively targeting and attacking companies currently? Absolutely again.
  • Should all companies be concerned about these external factors? Yes, simply because of the interconnectedness of the internet, business relationships and connections, and the well-proven ability to move through one entity to gain access to another.
  • Is the external focus of attacks the be-all and end-all of cybersecurity? No.

I mentioned the interconnectedness of networks and partner relationships above, which is as much an external driver as an internal one. 

In my opinion, cyber resilience is an outcome of an understood, practiced, and tested cybersecurity strategy and program that has reached across the different silos in a business to engage and coordinate with different stakeholders. From executives to different operational divisions, including legal, PR/Marketing, governance, compliance, and risk, every part of an organization must be engaged and coordinated. This holistic approach ensures that when something does go wrong, whether from a bad actor, a drive-by ransomware, or a vendor that made an impactful mistake, the organization knows how to stay up or, as a starting point, has at least discussed and tested how to recover as quickly as possible and in what order.

Cyber resilience is a cyber outcome, not just a cybersecurity outcome. There’s a difference, and it’s one that the industry needs to fully embrace.

What’s Next? 

In my next post, I’ll go over the other two sections on AI/ML and why there were some differences between what was discussed at RSA vs. what was seen at Black Hat, along with some quick points on data security and how that market is shifting.

Neal Humphrey, VP, Market Strategy

Throughout his 20-year career in the security industry, Neal has held a variety of roles, including Principal Security Engineer at SourceFire, Technical Solutions Architect for Cisco, and Director of Threat Intelligence Engineers at ThreatQuotient. Neal has worked with small to medium-sized businesses as well as enterprise-level organizations to help their security teams identify and solve Cybersecurity Operation challenges, as well as help them understand and mature Security Architectures and processes.
