Black Hat is one of my favorite cybersecurity conferences. Not because I like the blistering Vegas heat, but because there’s always a great mix of sessions for all types of audiences under one roof. This year’s event was no different. Here are my key takeaways.
Preparation Is Key: Election Integrity and Security in 2024
This year’s opening keynote was on a particularly timely subject: election integrity and security. 2024 is a massive year for democracy. Around 50 countries and half the world’s population are eligible to vote this year.
The panel of experts discussed the role of elections in democratic countries and how the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.K. National Cyber Security Centre (NCSC), and the European Union Agency for Cybersecurity (ENISA) collaborate closely and share ideas to improve election integrity and security in their own countries.
Like the organizers of any major event, these experts must be ready for anything and everything. As part of their preparation, they have completed over 1,600 assessments (physical and cybersecurity) and over 100 tabletop exercises.
Resiliency Means More Than Just Preparing for Cyberattacks
Unsurprisingly, resiliency was a key theme of Black Hat USA 2024. The recent CrowdStrike outage, which resulted from a botched software update, drove home the idea that business continuity plans must consider more than cybersecurity alone to be truly resilient.
Jen Easterly, director of CISA, told attendees that the CrowdStrike incident “just reinforced what [CISA] has been saying about the importance of technology vendors, developing, designing, testing, and deploying software that is secure by design.”
The CrowdStrike outage has also forced business decision-makers to consider other scenarios that could compromise resiliency. The situation in the Middle East is one particularly pressing example: many organizations have development teams or suppliers based in Israel, and organizations must consider what they would do if their services became unavailable.
My key takeaway is that organizations must now, more than ever, focus on testing and retesting incident response and business continuity plans to prepare them for disruptive events such as geopolitical unrest, natural disasters, cyberattacks, or even software glitches.
AI and GenAI Have Come a Long Way, But Concerns Remain
As hard as it may be to believe, it’s not even been two years since ChatGPT and, more broadly, GenAI exploded into the public consciousness. GenAI has a wide variety of applications, and as such, the security community has granted it special attention.
To recognize the importance of GenAI technology, this year, Black Hat introduced an AI Summit to its program, which included keynotes, panel discussions, and the sharing of best practices. At the Summit, many companies announced new features and technologies that include or are enhanced by AI. The Summit also drove home how many AI-as-a-Service providers have cropped up in the past eighteen months.
However, it was evident at the AI Summit that security concerns remain. Many Black Hat attendees—including myself—expressed doubts about the prudence of sharing sensitive data and IP with third-party GenAI sites, the risk of threat actors accessing customer data through these sites, and the implications for highly regulated industries. In short, while GenAI has come a long way, much work must be done before we fully trust it.
Securing Cloud Data Is as Important as Ever
Once again, cloud security was front and center at Black Hat. Data stored in the cloud is a concern as organizations must ensure they know where it is, where it’s going, and who is accessing it. A robust, secure configuration management (SCM) solution is critical as misconfigurations are the most significant threat to cloud security.
It was also apparent at Black Hat USA 2024 that cloud technology is elevating the criticality of identity and access management (IAM) as a security control. Credential compromise and other identity-based attacks have become increasingly pervasive in recent months, meaning many organizations prioritize strong IAM in their security stack.
Vendor Consolidation vs. Best of Breed
For years, organizations made buying decisions based on determining which solution was “best of breed” for a specific threat actor or use case. More recently, organizations have begun to find that chasing “best of breed” products results in tool sprawl, excessive complexity, and a failure to realize the value of each tool. As such, organizations have focused their efforts on vendor consolidation.
However, the paradigm has shifted once more. At this year’s Black Hat USA, the argument was that best-of-breed products still have their place in security because they typically go deeper with more granularity in their controls.
For me, both arguments hold weight. Most enterprises want to consolidate but will find new threat vectors to address. For example, say an organization executes a year-long consolidation plan to reduce the number of vendors in its security stack by three. When managers look at their security stack a year later, they will likely find that they are net 0 or even net +1 or +2 and view this as an execution failure. However, additional context would show that had they not consolidated a portion of their stack, they would be net +4 or +5, because they would still have added point products to address new threat vectors.
The takeaway here is that organizations should continue with their consolidation strategy with the understanding that there may be a point product needed to address a new threat vector.
Expanding the Definition of Shared Responsibility
Shared responsibility was another key theme of Black Hat USA 2024. Typically, when speaking about shared responsibility, security leaders primarily consider the framework that outlines what cloud service providers and customers are responsible for. While this is a worthwhile approach, we should note that shared responsibility also relates to departmental collaboration within an organization. Cybersecurity impacts every department in modern organizations, so every department must know its role within it.
Conclusion
All in all, 2024 was another successful year for Black Hat USA. In an increasingly remote world, it’s always a pleasure to join the cybersecurity community in coming together in person to discuss the trends and technologies driving the industry forward. It’s clear that our industry is at a crucial juncture, especially regarding resilience and business continuity, and coming together like this is important to achieving our desired outcomes. I look forward to next year.