In early August, the industry’s largest hybrid event – Black Hat USA 2021 – took place online and at the Mandalay Bay Convention Center in Las Vegas. The event, which highlighted the latest security trends and technology best practices, attracted more than 6,000 in-person attendees, while over 14,000 tuned in via the virtual platform. Darktrace’s Eloy Avila shares his six key takeaways.
1. The cybersecurity landscape is changing, but the threat types remain the same
As hackers continue to innovate and the attack surface widens, the threat landscape is evolving drastically. Despite a massive shift to remote work, the significant threats themselves have not changed since Black Hat USA 2020 and the early days of the COVID-19 pandemic.
Zero-days, ransomware, advanced persistent threats (APTs), supply chain attacks, targeted phishing, and threats to operational technology (OT) and Internet of Things (IoT) environments are still the top concerns, though we have seen an increase in attacks against email and software-as-a-service (SaaS) platforms. While the attack methods largely remain the same, high-profile attacks like the one on Colonial Pipeline have business leaders paying increased attention.
2. CISOs rise to new prominence within the C-suite
CISOs report that their engagement with the rest of the C-suite has dramatically improved due to new priorities and discussions around cybersecurity. Broader fears about hackers’ sophistication – and that nation-state attacks can directly impact private sector companies even outside of critical infrastructure – have spotlighted the vital role a CISO plays within an organization.
3. The future of security tools: Understanding both OT and IT
Over the past year, more organizations that operate OT have moved away from security tools that focus solely on OT environments toward tools that understand both information technology (IT) and OT. Before Stuxnet in 2010, most cyberattacks targeted traditional IT environments. Now, OT environments are victims, too (for example, the attacks on Colonial Pipeline and JBS).
With the digitization of our world, IT and OT have become more interconnected (also known as IT-OT convergence), forcing OT security practices to adapt. CISOs are now widely recognizing the importance of tools that can defend both OT and IT. Security tools need to operate in both IT and OT environments with a multilayered approach to intelligently interrupt cyber threats early in the kill chain, on both sides of the network, and minimize disruption.
4. Supply chain attacks heavily reduce the operational cost of mass exploitation
Supply chain attacks create indiscriminate damage, as we saw with SolarWinds in December 2020 and Kaseya in July 2021. Regulation alone will not be enough to combat supply chain attacks, so businesses themselves need to invest in the right security tools and procedures to ensure cyber health and resilience. Supply chain attacks are virtually impossible to detect with legacy, signature-based security: The malicious software is packaged as legitimate and delivered into the heart of thousands of organizations by trusted suppliers and partners.
Artificial intelligence (AI) is making huge steps forward in this area. Today, the most cyber-mature organizations already rely on AI systems to continually monitor their risk across globally distributed networks, made up of multiple third parties worldwide.
5. Zero-day vulnerabilities are on the rise
Newly identified zero-day vulnerabilities in the wild have steadily risen over the past few years. 2021 saw an unprecedented spike in zero-day vulnerability detection, rapid reconnaissance and active exploitation. Data compiled by Google’s Project Zero reveals that 2021 is the biggest year on record for “in the wild” zero-day exploits. While security professionals can usually anticipate 20 to 25 exploited zero-days in any given year, 2021 saw a massive 33 before July alone. Notably, both supply chain attacks listed above (SolarWinds and Kaseya) resulted from hackers exploiting zero-day vulnerabilities.
6. Offensive vs. defensive security
Cyber compromises have increased over the past decade, and defenses that look in the rearview mirror are struggling to withstand the new wave of attacks.
Improving defensive security is possible with a better understanding of “action bias” (i.e., the tendency of individuals to act without fully understanding or evaluating the situation). Security professionals need to fully understand what is happening during a compromise before acting, even when the situation is stressful or time sensitive.
Innovations like AI help augment human teams by providing complete visibility into the network, giving context around an attack, and helping human teams triage, prioritize and summarize incidents. We need to put cyber teams on the front foot: proactively monitoring and investigating threats in real time as they develop instead of consistently reacting to threats that have already escalated into attacks.