Maintain Your Momentum: Top 4 Black Hat 2022 Takeaways
What happens when you pack thousands of cybersecurity nerds into a single conference center? You hit critical mass. It’s the perfect cocktail of expertise, innovation, and out-of-the-box thinking to spark meaningful action. At least that’s how we’d classify last week’s Black Hat conference. Attendees participated in exciting ideation, shop talk with cohorts, and opportunities to learn from the best in the biz—all against the sweltering backdrop of late summer in Las Vegas. You can’t really ask for more.
Heading into Black Hat 2022, we were expecting to see a lot of messaging about building resilience and establishing a future-proofed foundation of security. And we weren’t disappointed. The week was peppered with future-focused keynotes and sessions, all stressing the importance of security resilience and being ready for more and more unprecedented change. The fact it was the 25th anniversary of the industry event further underlined the idea of survival and planning for what’s next.
Top four takeaways taking up our brain space
Now this year’s conference has come to a close, we’re still processing everything we heard and saw from the past week, but we wanted to call out a few key takeaways that stand out from the bunch.
1. Time to zero in on zero trust. It’s hard to talk about cybersecurity these days without talking about zero trust. Many organizations have been making moves to adopt or improve their zero trust strategies over the last two years with the emergence of the hybrid work model, the volume of connected devices, and increasing connectivity. But as anyone who’s grappled with building a zero-trust environment knows, it’s not an easy task. And last week, there was no shortage of new offerings dedicated to addressing this problem, making it hard to filter out the value-adds from the marketing fluff. That’s why trusted enterprise solution providers are the go-to for many who want secure and continuous network access without sacrificing usability.
2. Even the government is going risk-based. We’re coming up on the one-year anniversary of CISA’s Binding Directive 22-01, directing public sector entities to focus their remediation efforts on active exploits included in the agency’s Known Exploited Vulnerabilities Catalog. This shift in strategy was necessary to help resource-strapped public organizations manage the explosion of vulnerabilities in recent years. But it also signaled a risk-based evolution within the larger security field, one strong enough to infiltrate the famously slow and cumbersome red tape of the United States government.
So, when five heavy hitters in the risk-based vulnerability management space convened to unpack what this shift means for managing risk today (and tomorrow), Black Hat attendees paid close attention. Hosts Jerry Gamblin and Michael Roytman were joined by Allan Friedman of CISA, Jay Jacobs of the Cyentia Institute, and Ed Bellis of Kenna Security at Cisco.
Bad news: Only Black Hat attendees who couldn’t make it to the panel can watch the recording. Good news: The rest of us can stay tuned for the recap!
3. Cybersecurity is the newest battlefield. A poignant moment stood out when Ukraine’s top cyber official made a surprise appearance at last week’s conference. Victor Zhora, the deputy head of Ukraine’s State Special Communications Service, stopped by the Black Hat event to share the stark reality of what cyber warfare looks like in eastern Europe right now, and what he reported was sobering.
Aside from the devastating physical attacks on the country of Ukraine, intense cybersecurity attacks have skyrocketed (more than 1,600 reported since the start of the war), targeting critical infrastructure facets such as the internet and power.
Zhora’s visit offered a grim glimpse of what casualties of war will look like moving forward. “This is perhaps the biggest challenge since World War Two for the world,” notes Zhora. “And it continues to be completely new in cyberspace.”
4. Resilience is the only way forward. In an effort to lessen the impact of increasingly sinister and sophisticated attacks, many security leaders are latching onto the idea of ramping up their resilience. The global pandemic was a painful lesson in navigating unknown change and for those that emerged on the other side (often in a stronger position than before), the idea that resilience was the key to longevity and organizational success was clear.
Messaging that underscored the importance of resilience was pervasive at last week’s event. But achieving a state of security resilience doesn’t happen overnight. That’s why Cisco has broken the concept down into five key capabilities, so that leaders can better understand what they can do to prepare their infrastructure for the future.
And there’s no better place to start your road to resilience than risk-based prioritization.
Maintaining the post-conference momentum
It’s all too easy to get excited at an industry event and head home in that post-conference haze ready to make some fundamental changes to your security strategies or operations. But inevitably the reality of real-world limitations and finite resources brings that motivation to a snail’s pace, and those big changes start slipping into your list of priorities. Let this be your call to continued action! We want to help you maintain that momentum to make the necessary and critical changes.
As you settle back into your regular routine, begin building your list of priorities and must-haves for the coming year. Start gathering the resources needed to outline a winning business case and find those internal risk-aligned allies to help build support for your initiatives. If you notice your motivation starts waning, dive back into the same resources that kicked you into gear in the first place. All of the innovative ideas and cutting-edge solutions that sparked your interest at Black Hat still exist, but it’s easier to picture success if you can rekindle that initial drive.
If leveling up your vulnerability management is on your list, we’ve got you covered. Here are a few hard-hitting resources that underscore the mission-critical value of risk-based vulnerability management and security resilience.
Explore the CISO Kit for illuminating strategies to help build your security resilience and ready your infrastructure for the next big threat.
Sign up for Kenna Katalyst, an on-demand educational series designed to help kick start your risk-based vulnerability management program.
See you next year! Or maybe sooner?
Don’t want to push off your risk-based journey until next year? We can help you. Reach out to schedule some time to talk to one of our experts, see a demo, and get the in-depth answers you need to prepare your security infrastructure for the future, right now.