Black Hat 2024 has wrapped up, and like always it was a whirlwind. From a notable presentation detailing AWS vulnerabilities, to yet another slew of AI updates and product announcements, here are some of the key trends we’re watching coming out of the conference that are going to shape the industry through year end:
AI’s back (and it’s better than ever)
If you sang that as the Hess truck Christmas jingle in your head, you’re not alone. But seriously, AI has now taken center stage at the two biggest cybersecurity conferences of the year, raising the question of whether these events are going to stay focused on cybersecurity or somehow meld into AI/cyber conferences to some extent.
Unsurprisingly, the conference tackled both sides of the AI security problem: the risks generative AI and LLMs pose to enterprises that do not secure the technology, and the role AI is going to play in protecting enterprises and enhancing cyber posture. Richard Harang, Nvidia’s principal AI and machine learning security architect, led a discussion on the former during his panel “Practical LLM Security: Takeaways From a Year in the Trenches.” During the session, he shared how adversarial inputs could manipulate machine learning algorithms – which has ignited discussions on enhancing the security of AI technologies that are increasingly being integrated into critical systems. Luckily, solutions exist that mitigate these threats – such as those announced by V2 client CalypsoAI during the event.
Then of course there’s the potential for AI to enhance cybersecurity efforts across the enterprise. Look no further than the slew of AI-enabled product enhancements announced by vendors promising to tackle everything from threat detection and exposure management to automating the SOC. Especially with a very obvious talent gap, there’s no doubt that AI can have a positive impact on cybersecurity as a whole, not only in all-around better security, but in freeing up human resources to focus on the most important things.
The only question that remains is: will the good of AI outpace the bad?
Cloud Security in the Spotlight
One of the most widely covered presentations of the event was Aqua Security’s research on vulnerabilities within Amazon Web Services (AWS) environments. The presentation uncovered critical weaknesses, including misconfigured permissions and container security gaps, that could be exploited by attackers to compromise cloud infrastructures. As part of the presentation, experts from Aqua provided recommendations for improving AWS security, including best practices for configuration management, access controls, and regular security audits.
The presentation put a spotlight on cloud security – especially on the built-in security provisions offered by cloud providers like AWS, and how too often they are not enough to offer the level of protection needed. At the end of the day, those providers are cloud providers, not security providers – which of course opens the door for an era of dominant cloud security vendors, as we’ve already seen with the likes of Wiz.
New & Old Problems Raise their Heads
Isn’t IoT like such a 2015 problem? Apparently not, according to experts at the conference. While, yes, the IoT boom took place between 2010 and 2020, we still use smart devices (considered IoT) every day in the office and at home, and cities, manufacturing companies, and other industries use these devices to do everything from track shipments to monitor factory conditions. However, research presented shows that the proliferation of smart devices and the role they play in the supply chain and critical infrastructure make them an appealing target to bad actors. Weaknesses in device firmware, insecure communication protocols, and inadequate authentication mechanisms could lead to these devices being exploited if not addressed.
The risks around quantum computing were also discussed at length by researchers. With quantum computing advancements on the horizon, there’s immense potential to undermine current cryptographic protocols. The urgency of developing quantum-resistant encryption methods was heavily emphasized, highlighting the need for proactive measures in the face of this evolving and powerful technology.
So, What’s Next?
If there was one message that was loud and clear during the conference, it’s that innovation is everywhere and the industry is making headway in addressing cybersecurity challenges across industries. But as that innovation is underway, expect to hear more about how we tackle the cybersecurity talent shortage and get creative with filling the skills gap with automation or unconventional training programs, and see more calls for regulation to address the security gaps presented by technological advancements. There’s also going to be a push for more collaboration and information sharing – across teams internally to improve an organization’s security posture, but also across organizations, government agencies and academia to help determine best practices. And yes, be ready to hear more about AI too.
With Black Hat 2024 now in the rear view, we’re looking forward to seeing you at CyberMarketingCon in Philadelphia in December and RSA 2025 next April (and in the meantime, check out our webinar on using communications to stand out at cybersecurity’s biggest event). And, if you’d like to get in touch about V2’s services, drop me a line: [email protected].