5 security insights from Black Hat 2016
The Black Hat 2016 conference series offers key insights into developments in network security. In an ever-changing IT landscape, are you prepared?
“There are two types of companies: those that have been hacked, and those that don’t know they’ve been hacked.”
The now-famous quote from former Cisco CEO John Chambers rings true for businesses across the globe, as this year’s Black Hat conference series highlighted. In his opening speech, keynote speaker and technologist Dan Kaminsky warned there is no such thing as a secure Internet and there is an urgent need to re-wire our approach to network security.
So, what is Black Hat and what are some of the key insights we can take from this year’s briefings?
What is Black Hat?
Black Hat is a series of conferences that bring together industry leaders from across the globe to share and discuss highly technical security insights and knowledge.
From professional academics to underground hackers, Black Hat provides a platform not only for briefings but also practical training courses to help the world’s technological elite shape the digital landscape of tomorrow.
Since commencing in Las Vegas in 1997, the annual conference has grown over two decades into a global phenomenon, with events in Amsterdam, Las Vegas, Tokyo and Washington DC.
What insights can we take from this year?
While experts discussed many different topics at this year’s conferences, there were five key insights to take away:
1. Social media is being targeted
We know that artificial intelligence (AI) is becoming more refined by the day, yet a new cyber-weapon developed by ZeroFox’s security researchers John Seymour and Philip Tully takes it to a new level.
The weapon in question is a Twitter bot called SNAP_R – essentially a program that can interact with users and systems on social media. SNAP_R is capable of designing messages targeted at specific users, with the objective of luring them into clicking on links – known as phishing. This activity can boost a post’s click-through rate by 60 per cent.
“The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow,” the duo said.
2. Integration, integration, integration
Product integration is becoming more important as organisations recognise that there are multiple ways of solving security issues. This means that key decision makers are focusing more on using partnerships in a way that helps integrate systems across vendors. So, instead of trying to squeeze security into an existing framework, they can mix and match systems and apps to tackle their unique needs and challenges.
3. The Internet of Things (IoT) isn’t immune
Smart devices are by no means safe from exploitation. PC Magazine reported how NewAE Technology security researchers used a so-called worm to hack the IoT and infect devices, specifically through software applications designed to control Philips Hue smart light bulbs.
With today’s business environment increasingly using apps on smart devices, securing this technology is set to take a greater priority in the future.
4. Businesses aren’t ready to fend off attacks
Coming back to John Chambers’ ominous warning, the Black Hat Attendee Survey of this year’s conferences indicates more people are certain that there will be a major security breach within their company in the next 12 months.
At the same time though, nearly three quarters of respondents reported they don’t have enough staff to hold off impending cyberattacks in the coming months. The statement alone, however, indicates decision makers are aware of the potential risks and can take appropriate action.
5. AI could be part of the answer
While AI is posing a threat to security, PC Magazine suggests it could also help make the Internet safer. Researchers introduced the idea of using machine learning to aid in identifying infected computers and their botnet command and control servers.
Reach out to our team today. We will work with you to identify areas of potential weakness within your network and recommend a solution that will mitigate risk.