By Matt Durrin   /   Aug 21st, 2019

Black Hat USA – Cybersecurity Takeaways You Need to Know

As a cybersecurity consulting company, we attend a lot of events. We speak, we train, we collaborate — we have a lot of frequent flyer miles. Black Hat always holds a special place in our hearts and Black Hat 2019 did not disappoint. In this post, we’ll cover our experiences at Black Hat 2019 and four important issues that got a lot of attention:

  • Cloud Security
  • Bug Bounties
  • Intelligent Phishing
  • IoT Security

During our first couple of days at Black Hat, we were excited to meet a new group of students in our Black Hat data breaches training class. Our team loves helping students dig into identifying different breach scenarios, learn strategies for containing threats, discover how to preserve evidence and much more. If you have not had a chance to take one of our data breach courses, Black Hat is adding a NEW training in Alexandria, VA, this October and we are excited to be teaching our data breach class again at this new venue.

After the specialized training concluded, it was time for the Black Hat Briefings. There were cybersecurity lessons learned, new and exciting security ideas, really bad ideas scorned, bugs debated and then there was drama…there was heckling, removal and apologies – it was a whole big thing. (On a side-note: share what you thought was the funniest or most interesting moment at Black Hat 2019 in the comments section of this post on Facebook, Twitter or LinkedIn. We will pick our favorite comment and send that person a free LMG t-shirt, slap bracelet or shot glass – your choice!)

Here are the top four issues from Black Hat USA that we all need to keep in mind, as well as some resources on how to mitigate these security challenges:

1) Cloud Security. The cloud is booming, and with it comes a reinvigorated focus on cloud app and cloud database security. The unfortunate (yet perfectly timed) breach of Capital One due to a misconfigured web app firewall underscored this need with amazing accuracy. Too many companies rely only on the security resources of the cloud provider, assuming that protecting the data is enough. That’s a big mistake. You also have to:

  • Protect access to the cloud data
  • Discover & vet ALL the cloud storage employees are using for your company data (For example, is your HR or marketing department sharing files with vendors using an insecure provider without your knowledge?)
  • Ensure you have policies and safeguards regarding the people who can access the data
  • Secure every machine and phone used to access your data – for more information on securing the cloud, stay tuned for next week’s blog on cloud security

2) Phishing is getting smarter. New security devices need to stand up to the test. Extrahop, Rapid7, Cylance, Juniper Networks, and many other vendors are stepping up to the plate with advanced new IDS/IPS offerings designed to stop the next generation of phishing attacks. To be clear – they won’t, but they might slow the attacks down enough to make the epidemic manageable. So, what do you need to do? You need to implement technical controls AND train every user in your company to reduce the odds. Read our 3-part phishing blog series, as well as our vishing blog that offers advice and insights.

3) Microsoft and Apple are getting serious about bug bounties. Microsoft announced a new isolated Azure cloud environment specifically for bug hunters, and they’ve doubled many of their bug bounties. Apple has also massively increased bug bounties and has expanded the scope of their bug hunting program. This is all great. But they are taking these steps because undiscovered bugs can cause major breaches and serious financial and PR pains for companies. Simple cyber hygiene tasks such as keeping patches up-to-date are a good start, but some of these bugs go undiscovered for long periods of time. For this and many other reasons, we recommend implementing proactive threat hunting to actively look for indicators of compromise and find malware that may be dwelling unnoticed in your network. Read our proactive threat hunting blog for more advice.

4) IoT hasn’t really improved much, and the same old problems are to blame. IoT devices generally still have weak security, but organizations are still implementing them in high volumes. Rushing to market with new, flashy, must-have devices is leading to all kinds of new security flaws, especially when it comes to use in corporate and hospitality environments. If you are implementing IoT devices, ensure you are following good cybersecurity policies and implementing these security measures:

  • Know which manufacturers offer better IoT security
  • Select strong passwords and NEVER use the default
  • Keep patches up-to-date
  • Ensure appropriate network segmentation that limits access to sensitive information and isolates less secure devices
  • Quickly apply all security patches and updates to eliminate vulnerabilities in IoT devices
  • Implement endpoint security technology that enables you to automatically identify and locate every device connected to your network
  • Monitor devices and network traffic in real-time, so you can quickly detect and stop bad behavior

On a lighter note, Black Hat is also the occasion for our annual student training dinner/reunion. We love going out to Battista’s Hole in the Wall for dinner with our current and some of our previous students to kick back, relax and discuss life in and out of our roles in cybersecurity. This is one of our favorite traditions, and we are thankful that we get to know so many amazing people!

About the Author

Matt Durrin

Matt Durrin is the Director of Training and Response for LMG Security, a Black Hat instructor, and the co-author of the upcoming book, “Ransomware and Cyber Extortion”. A seasoned forensics professional, Matt specializes in incident response, ransomware cases, cryptojacking, and banking trojans. He regularly conducts cybersecurity webinars and seminars for hundreds of attendees in all sectors, including banking, retail, health care, government and more.  Matt holds a Bachelor’s Degree in Computer Science from the University of Montana and previously worked as a “blue team” field technician/system administrator for over 10 years. His malware research has been featured on NBC Nightly News.