Reflections on Black Hat 2024: What We Learned and What’s Next (Part 1)

This is one of those blogs that I really enjoy writing. It’s based on a little experience, a little education, a little analysis, and a little advice. A nice little batch of gumbo, when it’s good, just put everything in it. 

So, beyond gratitude for air conditioning and hand sanitizer, what should we, as an industry, take away from the last few weeks?

Here’s a breakdown of the key takeaways:

1. CrowdStrike and Microsoft
2. AI (Artificial Intelligence)
3. Rising Data Security Concerns

Note: After putting pen to paper, I realized I had a bit more to discuss. To make this more digestible, I am going to break this collection of thoughts into two parts. The first part leans in on CrowdStrike and Microsoft and what I believe the market should be taking away from the issues that were experienced, and the second post to come next week will cover the review of some of the technical claims and goals I saw at the conference compared to RSA.

CrowdStrike & Microsoft: Lessons in Cyber Resilience

In my opinion, the dominant conversation across the floor was focused on a couple of security vendors. Whether it was an Azure availability issue or the omnipresent CrowdStrike channel file 291, there were plenty of discussions on recovery and, ultimately, the importance of cyber resilience across the industry. 

SC Magazine called it out thusly when talking about having more business leaders working with their security leaders in the meeting suites and walking the show floor:

Similarly, CSO Magazine calls out two different Black Hat speakers on the same track:

The Inflection Point: Cyber Resilience as a Cyber Outcome

I believe we have hit an inflection point in cybersecurity, where we can no longer point at the next actor, adversary, or nebulous “bad” human out there who is looking to specifically do myself, or my company, harm. 

• Do these people and organizations exist? Absolutely. 
• Are they actively targeting and attacking companies currently? Absolutely again.
• Should all companies be concerned about these external factors? Yes. Simply due to the interconnectedness of the internet, business relationships and connections, and the well-proven ability to move through one entity to gain access to another.
• Is the external focus of attacks the be-all and end-all of cybersecurity? No.

I mentioned the interconnectedness of networks and partner relationships above, which is as much an external driver as an internal one. 

In my opinion, cyber resilience is an outcome of an understood, practiced, and tested cybersecurity strategy and program that has reached across the different silos in a business to engage and coordinate with different stakeholders. From executives to different operational divisions, including legal, PR/Marketing, governance, compliance, and risk, every part of an organization must be engaged and coordinated. This holistic approach ensures that when something does go wrong, either from a bad actor, a drive-by ransomware, or a vendor that had an impactful mistake, the organization knows how to stay up, or even as a starting point, has discussed and tested how to recover as quickly as possible and in what order.

Cyber Resilience is a cyber outcome, not just a cybersecurity outcome. There’s a difference, and it’s one that the industry needs to fully embrace.

What’s Next? 

In my next post, I’ll go over the other two sections on AI/ML and why there were some differences between what was discussed at RSA vs. what was seen at Black Hat, along with some quick points on data security and how that market is shifting.

↑