Kicking off the Black Hat USA Conference in Las Vegas, founder and director Jeff Moss said while the threat landscape is increasingly sophisticated, complex and volatile, there’s a collective raised awareness within organisations and international governments about the necessity of cyber security.
Moss identified major trends in the security landscape that included raised awareness within organisations, increased attention to cyber security at the government level and a more concerted effort to comprehensively protect Internet infrastructure at its core.
And these trends could be attributed, in part, to the researchers that speak openly about their findings, he said.
“The researchers are always talking publicly about this, they are some of the few people who are actually talking out loud about what’s going on,” he said.
Moss said that historically, the Black Hat conference was the harbinger of future security trends. “Everyone looked at what the hackers doing, and said ‘if that’s what they’re doing now, I probably should be doing something about that,” he said.
Not surprisingly, he said, issues and topics discussed at the conference typically manifest as major news headlines or security trends down the road.
“Stories that happened at Black Hat affected the world later,” Moss said. “With all the awareness that’s been going on around security, we have this great mirror.”
Also, with the growing and evolving awareness, Moss said that it was easier to make a case for security at the executive level, and for security to be part of the conversation earlier in the business decision making process.
“You’ve got more than enough stories now to explain to your management how (security) can be a business enabler,” he said. “If you involve us in the decision making process we can help you. If you only call us when the house is on fire, you have much fewer options.”
Now, Moss said, more vendors were reacting deliberately and intelligently when a security vulnerability is discovered in one of their products — a sign that the industry is collectively maturing.
"They don’t have that knee-jerk reaction so much when someone points out a flaw in one of their products,” Moss said.
As such, organisations that start the conversation sooner will have more control over how security can add value to their business.
International corroboration around cyber security was another important trend , Moss said, highlighting the U.S. Department of Defense’s recently released Cyber Security Strategy, which outlined US targeted cyber threats and strategies to protect the nation’s infrastructure.
“That makes the US the first to publish a national document that lays out policy goals,” Moss said.
With the ball rolling on national cyber security policies, Moss said that could lead other US allies to follow suit, which would further propel international communication and collaboration.
“I’m hoping that will lead other countries to do the same thing,” he said. “We can figure out where we have commonalities and start working together.”
The same spirit of cooperation fostered by international agencies policing child pornography online could be extended to other areas such as phishing or money laundering.
Finally Moss said that more so now than ever before, the Internet is being hardened with security functionality such as DNS Sec and an eventual IPv6 upgrade, intended to bolster overall security mechanisms at the core of Internet infrastructure.