By Christine Castro, VP of Global Marketing
September 8, 2022


In early August, DuskRisers flew to Las Vegas for one of the largest annual events in the cybersecurity world, Black Hat USA 2022. After the seemingly endless pandemic hiatus, the community came out in full force, allowing cybersecurity gurus, experts, and enthusiasts to experience the vibrant spirit of reunion. Days flew by filled with exciting client meetings, inspiring recruiting efforts and face-to-face interactions around the extravagant booths on the show floor. They say "What Happens in Vegas, Stays in Vegas" but at DuskRise, we want to break that rule by sharing this year's top highlights.

The Level Up Party

The 25th year of Black Hat was truly special and memorable for us, as DuskRise co-sponsored the hottest party of the summer, LevelUp at the Skyfall Lounge. The theme of the event was the famous Nintendo game, Super Mario. You might ask yourself, what does Mario have to do with cybersecurity? It might come as a surprise, but Mario has a lot in common with cyber threat actors: he knows what he wants (getting to Princess Peach / accessing valuable corporate data) and will use every resource available to get there. For instance, Mario takes advantage of the “Warp Zones” to skip entire game sections, just like hackers use lateral movement to access corporate networks. Not sure if the organizers had this concept in mind when choosing the theme, but we thought that this clever subtext was like the icing on the cake.

The venue for the event was the beautiful Skyfall Lounge, with panoramic views of the city and many eye-catching details such as souvenirs with sponsors' logos, retro game sets and cocktails named after the sponsors of the event (the DuskRise one was "Punch Out!" Planter’s Punch, in case you were wondering). Our team truly enjoyed the fun time, networking, and discussing who had the next "best thing" in an informal setting; special thanks to our host, ZeroFox, for making this possible.

What the Booth!

This year’s show floor was truly impressive thanks to the scale and diversity of the booths and creativity of the tactics that companies used to attract and engage with visitors. From race car simulators to actual race cars, giant abstract installations, a boxing ring, a candy store, and slot machines — everything transported the attendees into a different dimension, where they could have fun and have discussions on the most relevant topics, from data protection, to infrastructure protection, AI and SASE solutions.

Key Takeaways 

Trends

Among the topics addressed by the keynotes this year were the control of information, the impact of fake news in the current political and economic context, and the challenge of finding reliable information sources. With a greater involvement of new players in the field, namely individuals, it is becoming increasingly difficult to define and ensure ethical behavior.

Technology

The more software an enterprise activates, the more difficult it becomes to ensure smooth and secure code integration, maintenance, and updates. The lack of attention to the security of cloud assets is dangerous and complicates both risk management and the definition of a cybersecurity strategy.

Threat actors

The bad guys have realized how lucrative an attack on corporate cloud can be. Cloud ransomware remains the principal threat, exerting a damaging impact on enterprises worldwide. Currently, attacks on supply chains are the major red flag.

Regulatory landscape

Compliance shouldn’t end upon security checklist completion. To prevent future global incidents, regulations must evolve, giving room to innovation and technological advancements without compromising on security matters. 

The conclusions remain the same: to protect your organization from attacks, follow best security practices, isolate your networks, reinforce perimeters, and have MFA, an IR plan and backups in place. Yet, when it comes to critical infrastructure, there are still lots of improvements to be made to prevent its exposure to threats.

Burnout is No Joke

One of the most remarkable talks of Black Hat USA 2022 was “Trying to Be Everything to Everyone: Let’s Talk About Burnout”. With the rise of hybrid work policies and the emergence of more sophisticated cyber threats, talks about work-life balance and the overall wellbeing of security staff gained momentum. Employees within the security industry are continuously subject to high levels of mental workload, which increased with the need to manage an extended attack perimeter in the post-COVID era. Living under constant pressure and stress impacts the ability of InfoSec experts to respond to threats and mitigate attacks in a timely and efficient way. The speaker emphasized the importance of taking care of oneself and preventing burnout through good health, exercise, and relaxation techniques.

Wrap Up

Overall, everyone seemed enthusiastic about being back in the center of a major global event. The keynotes' messages were exciting yet also raised suspicions about escalating tensions between China and Taiwan, as well as the evolution of offensive techniques and vulnerabilities within critical infrastructure. On a positive note, the speakers reassured the audience that the new defensive tools adopted by the tech-savvy workforce are exactly what is needed to manage emerging threats. We are looking forward to Black Hat 2023 and hope to see you there!
