Organisations are more aware of cyber security thanks to researchers exposing vulnerabilities
A Black Hat organiser has pointed to promising trends on how organisations are meeting the cyber security challenge, despite the volatile nature of the threat landscape.
Organisations and international governments are now more aware of the necessity of cyber-security and are exerting a more concerted effort to protect core Internet infrastructure, Black Hat founder and director Jeff Moss said as he welcomed attendees to the conference in Las Vegas in August.
This change could be attributed partially to researchers who publicise their security findings, Moss said.
“The researchers are always talking publicly about this, they are some of the few people who are actually talking out loud about what’s going on,” he said.
Historically, Black Hat was a good “proxy for a crystal ball” that revealed the “interesting things that will happen in the future,” according to Moss. Organisations would say, “If that’s what they’re doing now, I probably should be doing something about that,” Moss said.
The topics covered at Black Hat often were an accurate indicator of the kinds of exploits and threats that may be coming down the road, he said.
“Stories and talks that happen at Black Hat affected the world later,” Moss said, adding, “We have this great mirror” into the types of security trends that people are paying attention to.
The increased awareness also meant security was being discussed by senior executives much earlier in the decision-making process, Moss said. It was easier for security professionals to make the case for security to the executive level since CIOs and CEOs were aware of, and nervous about, what could happen.
“You’ve got more than enough stories now to explain to your management how (security) can be a business enabler,” Moss said, referring to the recent string of data breaches.
Organisations talking about security sooner in the process have more control over how it’s implemented. “If you involve us in the decision making process we can help you. If you only call us when the house is on fire, you have much fewer options,” Moss said.
The US government was also increasing international collaboration on cyber-security issues, which would help make the Internet safer for everyone, Moss said. If other international governments followed suit and published a policy document similar to the Department of Defense’s Cyber-Security Strategy, then they can all start working together on “commonalities,” according to Moss.
For example, if governments agree on definitions and tactics, they can work together to stop organized crime, phishing and money laundering, Moss said.
Vendors were also reacting deliberately and “intelligently” when a security vulnerability was discovered in one of their products, Moss said, noting that was a sign the software industry was maturing. “They don’t have that knee-jerk reaction so much when someone points out a flaw in one of their products,” Moss said.
Organisations are also taking steps to protect core infrastructure by adding security features such as DNSSEC to secure online traffic. The eventual IPv6 upgrade will also bolster overall security, Moss said.
Launched as a vendor-neutral alternative to industry security conferences 15 years ago, Black Hat attracted more than 8,000 researchers and security professionals, according to organisers.
The more technical and edgy DEFCon follows a week of Black Hat training sessions and briefings. DEFCon begins 5 August.