Recently, Netlok’s top executives attended two of cybersecurity’s leading conferences, Black Hat and DEFCON, to get up to speed on the latest trends and issues in one of the world’s hottest fields of interest.
The two conferences were held back-to-back earlier this month in Las Vegas, with Black Hat drawing more than 17,000 attendees and DEFCON attracting 27,000 people from more than 120 countries.
Black Hat is devoted to education and technical training for computer professionals, business executives, security practitioners, and general interest consumers.
DEFCON is one of the world’s largest hacker conventions and brings together cybersecurity professionals, journalists, lawyers, government employees, security researchers, students, and hackers from all over the world to help educate, inform and learn how to make the internet a safer place for all. Its program offerings and activities – including games and contests – are designed to encourage participants to think outside the box and innovate.
If you didn’t get a chance to attend, the following are some of the key takeaways that illustrate where cybersecurity is moving as an industry and what you can expect where online security measures are concerned.
The Search for Innovation.
Business and government participants agree that all organizations need to seek out innovative solutions to solve cyber problems because nation-states and well-funded criminal organizations are technically ahead of most business and governmental entities when it comes to cybersecurity. They also agree that the solutions will probably come from smaller, entrepreneurial entities that can respond faster and more creatively to solving emerging cyber threats.
Escape from Passwords and Standard Authentication Methods.
The overwhelming opinion is that password authentication needs to be replaced with something new and innovative. At a minimum, passwords need to be combined with other online entry methods, such as two-factor authentication.
According to these professionals, biometrics is not the solution for many reasons, including the fact that recorded biometric markers, such as fingerprints or eye scans, are permanent and, once compromised, they are forever compromised.
Nation-State Cyber Agendas.
In a presentation by a speaker from the National Security Agency (NSA), four specific nations were mentioned as predominant in destructive cyber activities: China, Russia, Iran and North Korea. The primary objectives of each nation’s attacks:
- China focuses on stealing intellectual property and industrial secrets, so they can replace the USA as the leading technology country.
- Russia focuses on promoting political discord in democratic nations. For example, the NSA, Homeland Security, and other security departments attend DEFCON and encourage hackers to demonstrate how to attack US voting machines so that these organizations can learn how to protect against outside breaches.
- Iran focuses on disruption to cause fear and chaos with its enemies, so it is likely that they would attack our power grids and other public utilities to achieve their ends. Given this, there is concern that the U.S.’s action of pulling out of the Iran Nuclear agreement might lead to disruptive attacks on the US infrastructure. For example, a Las Vegas casino was previously attacked because its owner had spoken out against an Iranian activity.
- North Korea focuses on stealing money because its worldwide isolation has severely impacted its economic growth and stability.
Nation-states are investing massive resources in cyber warfare capabilities because cyber attacks can be cost-effective and more damaging than attacks with conventional weaponry. For example, nation-states only need to develop an elite group of bad actors who can develop the tools that can be distributed and used by less talented bad actors. Like online business, the use of cyberwar tools and technology levels the playing field for all participants.
Blockchain is Not the Answer.
The founder of DEFCON opened his remarks with, “Blockchain is not the answer,” to solving cyber warfare and crime. He also pointed out that many people don’t realize that cryptocurrencies are vulnerable; to prove his point, he reported that a Chinese cryptocurrency exchange recently lost over $500 million in a cyber attack.
Because of blockchain’s complexity, size and growing reliance on Internet commerce, many solutions are needed to stop cyber warfare and crime. Prediction: Billions of dollars will be lost in blockchain applications before the investors realize it’s not the omnipotent solution for cybercrime.
Collaboration and Cooperation.
The leaders of both conferences voiced the need for cooperation and collaboration among all parties as the best means of minimizing and defeating global cyber threats – especially because nation-states are sponsoring disruption and warfare at an alarming rate.
In the U.S., government entities are adapting to and using products developed and sold in the public market. The days of government black box solutions are over. Instead, government entities will need to open their purse strings to purchase innovations that have fewer restrictions.
Education, Education, Education.
Although cyber attacks have been occurring for more than 25 years, recent attacks on the 2016 presidential election have pushed government organizations to take action. One government attendee indicated that the present policy is to ensure that every government employee is trained in cybersecurity. Service providers will also have to show competency through certification in order to do business with the government.
Threat Event Management.
In the future, it will no longer be acceptable to assume that your organization has not or will not be attacked. Soon, every online organization must have a formal threat policy whereby it monitors and records events on its network and has policies and procedures for responding to attacks.
For example, the EU’s GDPR regulations require that the user of a third-party product or service is also responsible should that third-party product or service result in information and/or data of its clients being compromised. Cybersecurity is not free and any third-party product or service needs to be thoroughly vetted.
Cybersecurity is Not Free!
Small businesses, non-profits and other entities are all vulnerable to cyber threats that could destroy their organization, yet they often don’t have the financial resources and/or desire to hire full or part-time cybersecurity personnel. Regardless, they are going to be forced to pay for cybersecurity services to meet growing regulation.
Due to the complexity and number of threat vectors that a cybersecurity services provider must use to protect their customer businesses, they will charge their customers a subscription fee that is scaled to the customer size and need.
Black Hat and DEFCON had hundreds of speakers on a breathtaking array of topics, illustrating that cybersecurity is one of the fastest-growing industries and a concern facing everyone, from the individual consumer to small and mid-size businesses, to large enterprise organizations, nonprofit organizations and government entities. It’s nearly impossible to stay on top of the breakthroughs and news happening in this world, but Netlok will continue to curate content that is timely, useful and news you need to operate more securely online.