When it Comes to Cybersecurity, Wearing the Black Hat Pays Off

What was the first thing I did before entering Black Hat USA in Las Vegas? I toggled off my bluetooth. With more than 20,000 people in attendance, Black Hat is the largest cybersecurity conference in the world. Events like these are a magnet for hackers – the ambitious ones consider them a teaching moment of the highest kind. One minute you could be standing next to a chief information security officer from a Fortune 50 company and the next it could be a cybercriminal learning new ways to exploit infrastructure vulnerabilities to increase revenues.?

?

This is the world we live in. This is why it pays to wear the black hat.

?

The Black Hat Experience

?

First, a little history. If you’ve ever watched a Western from the 1950s, you know the rough and tough bad guys wear the black hat. This was the inspiration behind the Black Hat Briefings founded by hacker and computer security expert Jeff Moss, also known as Dark Tangent, in 1997. The annual event’s purpose is to give computer security professionals highly technical strategies to minimize risk and win the battle against cybercriminals across the information security landscape.?

?

One exhibitor at Black Hat was Splunk , Known globally for its enterprise resilient platform, Splunk was acquired by 思科 in March of 2024 as a way to “Power and Protect the AI Revolution,” according to a CISCO press release. Black Hat wasn’t all serious talk, though. Thanks to Splunk ambassador Katie Kirby, I got my first tattoo featuring the Splunk logo and four aces.?

?

One wall of Splunk’s booth caught my eye as being rather prophetic. The phrase “Me, my friends and AI.” were written across the top of a T-Shirt rack. The inference was a creative and succinct way of saying that AI is fast becoming embedded in our daily lives. AI is, indeed, everywhere.

?

This is one reason I find Splunk to be so relevant. Its technology is transforming the security operations center with a unified approach. Think of it as a fortress of protection with less “blind spots” or visibility gaps as opposed to siloed solutions and tools used to fend off assaults across an organization. Splunk aims to deliver 100% visibility, 10x faster incident detection and investigation, and over 95% automation in incident response tasks. Monitoring security situations in real time is where Splunk shines.

?

The “why” behind Splunk’s approach can be seen in its 38-page State of Cybersecurity 2024: The Race to Harness AI report, which points out that 93% of respondents are already using generative AI (GenAI) in some capacity. While many, according to the report, see it as a “critical point of innovation,” GenAI also creates greater vulnerabilities and opportunities for attacks. If you’re in cybersecurity or you lead an innovation-minded organization, this report is a must-read.?

?

Here are three highlights accompanied by take-action ideas you can put into play.

1. GenAI’s Implications.

• According to the report, 91% of security professionals are using GenAI, but 65% don’t understand the implications. I was surprised by the second number, which shows a disparity between GenAI applications and its inherent privacy and accuracy risks. I would have expected security professionals to understand this better. However, I also think GenAI is evolving at warp speed. In my many conversations with security professionals about GenAI, there seems to be two schools of thought. Some are against using it while others are using it to learn new things. Exploring who will benefit the most from GenAI, here again the report reveals a fascinating statistic: 43% choose defenders while 45% choose adversaries. It’s a tight race that cybersecurity leaders must win by understanding GenAI’s risks.
• WHAT TO DO: Provide guidelines. For example, one guideline might be to simply not put confidential information (think financial numbers, product roadmap, long-term strategy, M&A information) into GenAI prompts.

2.???? Balancing Security and Compliance.

• A whopping 86% say they will shift budgets to prioritize compliance regulations over security best practices. This puts, as the report states, security professionals between a “metaphorical rock and a hard place.” Underreporting poses penalties and even personal liability while overreporting could negatively impact stock prices and brand trust.
• WHAT TO DO: Every board should put cybersecurity on the agenda. Cybersecurity starts from the top. Don’t make assumptions, make plans. This will better balance compliance with security best practices as the two are not mutually exclusive. Also, protect the security budget. I’ve worked for companies that have cut the security team or hired people with less experience when budgets got tight.?

3.???? Diversity of Incidents.

• The top four most frequent incidents experienced by respondents in the last two years are data breaches (52%), business email compromise (49%), system compromise (49%) and cyber extortion (48%). There are, however, a host of other diverse security incidents that are cited. One thing I learned is that while adversaries are getting smarter, so are defenders. Look at this statistic: Fewer respondents lost productivity and the number of respondents that spent significant time and personnel to handle incidents dropped by 13% to 44% compared to 2023. We’re becoming more resilient.
• WHAT TO DO: What gets measured, gets done. Know your strengths and vulnerabilities. Integrate a cybersecurity framework (the National Institute of Standards and Technology has a good guideline to start with). Create a culture of cybersecurity. Include education for suppliers, contractors, employees and new employees. For example, test vulnerabilities by sending a fake phishing email to see how people respond. Train for real-world circumstances. Doing so creates better habits, educates on cybersecurity guidelines in a realistic setting and, ultimately, reduces the risks of human error. Proactive simulation exercises, such as tabletops, keep people, data and the fortress around your network safer.

?

AI is the New “Cellphone”

?

According to Pew Research, 97% of Americans own a cellphone today. This is about double the number compared to just 10 years ago. Similarly, GenAI is the new reality, a sun that is quickly rising for many industries and people. Like the cellphone has become part of our lives without us even thinking about it – from giving us our running pace to sending birthday wishes to interacting with brands through apps – GenAI is starting to become embedded into our personal and work lives.?

?

GenAI is not a threat; it’s a game-changer for innovation as long as we are prepared for the worst. How do we operate if our system is compromised? Are we measuring our security strengths and vulnerabilities on all fronts? How resilient are we if attacked? How will we continue business as usual if our system comes to a halt??

?

It all comes down to prioritizing cybersecurity. This is where wearing the black hat truly pays off.?