BHUSA cybersecurity highlights
Business executives stay on top of cybersecurity topics through many sources, including security-focused events such as Black Hat and DEF CON. This year’s Black Hat USA event has just concluded, and there are some highlights worth adding to your arsenal of information as you continue along your cyber resiliency strategy and approach.
The three focus topics that we’re highlighting for you today are:
- Security advisories
- National cybersecurity board
- Supply chain attacks
Security advisories
The Black Hat session on security advisories explored how the cybersecurity landscape has shifted dramatically over the past few years – particularly with regard to guidance and advisories from vendors.
Vendors have traditionally relied far too much on customers learning about security incidents from news reports rather than through official channels such as security advisories or service packs.
The Black Hat presentation discussed how this industry practice can be used for good by providing clear information that allows businesses to accurately assess risk.
So, what does a vendor’s security advisory mean? In short, it means they detected something and want you to know about it so you can fix it!
Allan Friedman, director of cybersecurity initiatives at NTIA, US Department of Commerce, and Thomas Schmidt, ICS and advisory expert, Federal Office for Information Security (BSI) in Germany, outlined an emerging approach to help solve the challenge of being overwhelmed by security advisories.
The concept they proposed is called Vulnerability Exploitability eXchange, abbreviated VEX. It would provide an automated, machine-readable format for security advisories that identifies whether a particular version of software is impacted by an advisory and what actions need to be taken, and that also communicates what is not affected, referred to as a “negative” security advisory.
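To make the VEX idea concrete, here is an added example (not code from the talk, the page, or any VEX project): a small Python checker that reads a simplified, machine-readable advisory and answers, for each product version in an inventory, whether it is affected, fixed, or explicitly not affected. The document layout, the status names, the product names and the placeholder vulnerability id are all constructed for this illustration and are not the real VEX/CSAF schema; real advisories also express version ranges rather than the exact-match list used here.

```python
"""Toy VEX-style advisory checker (constructed illustration, not the real
VEX/CSAF schema). It demonstrates the core idea: one machine-readable
statement per product version saying whether it is affected, what to do,
and, just as importantly, which versions are explicitly NOT affected."""
import json

# Constructed sample advisory. Product names and the vulnerability id are
# placeholders; the layout is a simplification invented for this example.
SAMPLE_VEX = json.dumps({
    "advisory_id": "EXAMPLE-ADVISORY-0001",
    "vulnerability": "CVE-YYYY-NNNNN (placeholder)",
    "statements": [
        {"product": "acme-widget", "versions": ["1.0", "1.1"],
         "status": "affected", "action": "upgrade to 1.2 or later"},
        {"product": "acme-widget", "versions": ["1.2"],
         "status": "fixed"},
        # The "negative" advisory: this product line is not affected at all.
        {"product": "acme-widget-lite", "versions": ["*"],
         "status": "not_affected",
         "justification": "vulnerable_code_not_present"},
    ],
})

# Status vocabulary assumed for this example.
VALID_STATUSES = {"affected", "fixed", "not_affected", "under_investigation"}


def parse_vex(text):
    """Parse the advisory JSON and reject statements with an unknown status,
    so a typo in a vendor document cannot silently read as 'safe'."""
    doc = json.loads(text)
    for stmt in doc["statements"]:
        if stmt["status"] not in VALID_STATUSES:
            raise ValueError(f"unknown status {stmt['status']!r} in {doc['advisory_id']}")
    return doc


def lookup(doc, product, version):
    """Return (status, detail) for one product version.

    detail is the remediation action for affected versions or the
    justification for not-affected ones. A product/version the advisory
    does not mention yields 'unknown': silence is never treated as safe.
    """
    for stmt in doc["statements"]:
        if stmt["product"] != product:
            continue
        if "*" in stmt["versions"] or version in stmt["versions"]:
            return stmt["status"], stmt.get("action") or stmt.get("justification")
    return "unknown", None


def triage(doc, inventory):
    """Walk an inventory of (product, version) pairs and return only the
    entries that still need attention: affected, under investigation, or
    not covered by the advisory at all."""
    needs_attention = []
    for product, version in inventory:
        status, detail = lookup(doc, product, version)
        if status in ("fixed", "not_affected"):
            continue  # nothing to do: the advisory clears this version
        needs_attention.append((product, version, status, detail))
    return needs_attention


if __name__ == "__main__":
    advisory = parse_vex(SAMPLE_VEX)
    # Constructed inventory of what an organisation might be running.
    inventory = [("acme-widget", "1.1"), ("acme-widget", "1.2"),
                 ("acme-widget-lite", "2.0"), ("other-product", "1.0")]
    for product, version, status, detail in triage(advisory, inventory):
        print(f"{product} {version}: {status} ({detail})")
```

The point of the `not_affected` statement and the `unknown` fallback is the one the speakers made: an advisory that says what is fine is as useful as one that says what is broken, and anything the vendor has not addressed at all should stay on the to-do list rather than disappear.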
National cybersecurity board
Another panel session at Black Hat 2021 discussed national cybersecurity and how best to coordinate an executive response to threats. The speakers talked about how cyber capabilities tend to be siloed and fragmented, the increase in false positives, and how they are making security more operational and developer-friendly with tools such as Java code verification, which is now available from Google.
There was also discussion of the potential complications of a national cybersecurity safety board, co-chaired by public- and private-sector leaders and modeled on the NTSB review board, which created a case history that government, manufacturers and airlines could deconstruct for their joint preparedness. This approach may give stakeholders a chance to avoid mistakes by learning from other incidents, but we also know that one approach doesn’t fit all.
A major highlight was the point that cybersecurity and cyber attacks are not plane crashes, and that further considerations should go into a national cybersecurity board.
Supply chain attacks
The Black Hat 2021 session on supply chain attacks discussed how supply chain attacks are an attack vector that is often overlooked. The speakers highlighted four ways in which the supply chain can be attacked: malicious insiders, unscrupulous vendors, compromised infrastructure, and defective products or services.
The Black Hat session on supply chain attacks also emphasized the importance of proactive risk assessment so that organizations can jointly identify risks and put preventive security programs in place.
It’s important to keep in mind that third-party suppliers are increasingly being exploited in the same way every company is attacked. Furthermore, they may not have all the cybersecurity steps in place to safeguard against these attacks. Whether it comes from foreign intelligence services, as in the SolarWinds attack; from ransomware actors, as happened to Kaseya; or from both, as we saw with the Microsoft Exchange situation, these kinds of supply chain attacks are becoming more frequent and common, and you want to be prepared for them.
We recently covered supply chain attack cybersecurity on our blog; you can read more about our guidance here: Cyber resilience – Understanding supply chain cyber attacks.
Being prepared will help you reduce costs and recover data quickly if an attack takes place on your business.
Photo courtesy of corgarashu