Merritt Group Blog

Top Takeaways From Black Hat 2019

blackhat-blogIt’s hard to believe that a month has passed since we packed our bags for Vegas to attend the Black Hat 2019 conference. This year, cyber professionals from around the world congregated in the packed halls of Mandalay Bay for this leading security event, now in its 22nd year. 

Attendees gleaned insights on the latest trends and key issues, with much to discuss concerning 5G, election security and nation-state attacks.

In an effort to help PR pros better navigate the chaos of Black Hat and get the most out of next year’s event, our team captured key insights onsite and boiled them down to these top takeaways:

1. Black Hat Is The New RSA 

With nearly 19,000 attendees, the show has undeniably become bigger and more commercialized as opposed to the niche hacker/research conference it used to be. As a result, many of us had the same lingering question: Has Black Hat become so big that it’s now just a smaller RSA? If so, where is the hacking community headed? 

From what we heard at the conference, they now attend “Hacker Summer Camp,” which combines back-to-back events including Black Hat, DEF CON and B-Sides Las Vegas for a full week of 24/7 security. DEF CON has always been a great alternative to Black Hat, not only because it’s more cost-effective, but it attracts a less corporate audience, gathering together hacker community celebs and offering a more focused conversation around cutting-edge security research.

And while Black Hat attendees were still in Vegas, they made sure to reap all the benefits from their trips. For those looking to escape the crowds of Black Hat, B-Sides Las Vegas is another great opportunity for action-packed networking, where you’ll find some of the industry’s most compelling conversations, yet in a smaller, less overwhelming atmosphere. 

2. Black Hat is Where Major News Breaks

Black Hat is still very much the place to break big news and new vulnerability research. Security companies took the opportunity to monopolize the headlines with major research, product news and more. Highlights from this year’s event included:

  • IOActive’s Boeing Code Leak: The security firm revealed vulnerabilities in the Boeing 787 Dreamliner’s components, which could potentially be exploited by hackers if left unaddressed.
  • IBM F-Force Red Revealed New "Warshipping" Hack: IBM’s security services team, X-Force Red, revealed a new attack technique at the conference known as “warshipping,” which allows hackers to infiltrate corporate networks by hiding inside a package.
  • GPS Research from SwRI: Victor Murray, an engineering group leader at SwRI, stunned the crowd when he demonstrated how easily Global Navigation Satellite Systems (GNSS) like GPS can be spoofed, which presents a world of problems when you consider autonomous vehicles that rely on these very systems.
3. 5G Concerns, Election Security & Nation-State Attacks Dominate the Discussion

With new breaches and cyberattacks consuming national headlines in recent months, terms like 5G, election security, nation-state attacks and more are becoming mainstream. The buzzing halls of Mandalay Bay often make it difficult to narrow in on the biggest trends of the year. We took the guesswork out and identified the top buzzwords we heard over and over again in our conversations:

  • 5G Security Concerns: As 5G commercial networks are introduced, the possibilities they promise (including speedier data, increased network capacity and more) are often overshadowed by security concerns; such as the ability to use unencrypted data to get information about the device and even drain the battery of IoT enabled devices. With many of the security protocols for 5G being based on 4G standards, cyber professionals are raising the alarm when it comes to the vulnerabilities these networks present.
  • Cyber Talent Gap: The question that never fails to arise at trade shows like Black Hat is how industry leaders are working to address the cyber talent gap. A lack of skilled cybersecurity workers has become the plague of the industry over the last decade, with breaches far outpacing the number of people available to address them. Yet despite the attention this subject gets, recent studies suggest the cyber skills shortage is getting worse, with 74 percent of respondents in a recent survey indicating the cybersecurity skills shortage has impacted their organizations “significantly” or “somewhat,” compared to 69 percent two years ago.
  • Nation-State Attacks: With foreign superpowers like Russia and China threatening attacks every day, it’s not surprising to see the topic dominate the conversation at Black Hat in addition to the headlines. As long as IoT connected devices, critical infrastructure and utility grids remain vulnerable, it’s likely nation-state attacks will stay center stage of the conversation.
  • Election Security: As elections approach this November, election security continues to be top of mind for everyone, let alone cybersecurity professionals. With so many potential attack surfaces - from physical voting infrastructure to social media disinformation - even the idea of heading back in time and reverting to paper ballots doesn’t seem outside the realm of possibility. 

Now that Black Hat 2019 is behind us, we’re still whirling from another year of exciting research, trends, and presentations from industry legends, all crammed into two short days. All in all, Black Hat Vegas never disappoints and we can’t wait to do it all over again next summer!

Looking for an insider perspective on industry events? We’ve got you covered! Follow us on social for live updates from the shows. Don’t forget to tag us!

 

Topics: Security public relations BlackHat