It's no secret that the cybersecurity industry is facing a shortage of skilled professionals. The threat landscape has evolved faster than nearly anyone was expecting, creating a high demand for talented individuals with niche skillsets to help protect enterprise and consumer infrastructure.
From thermostats and voice assistants to fitness trackers and toys, smart and internet-connected gadgets are now found in nearly every room of most homes. It’s tempting to try and save money on these devices by capitalizing on less expensive secondhand products sold by third-parties like eBay, Craigslist and even friends or family. But, you may want to think twice before doing this.
There is a recurring theme at Black Hat every year: security researchers come together and show the world how to hack into systems and things. This year was no exception.
The sheer size of the cyber-attack surface becomes more daunting by the day. Networks now connect data centers and on-premise hardware to private and public clouds and IoT devices operating at the network edge, exposing more potential entry points and increasing vulnerability. The growing attack landscape places defenders and security teams at a disadvantage against cybercriminals. From the booth demonstrations to the keynote speeches and session presentations, this reality was inescapable at Black Hat.
Especially with IoT devices, the explosion of endpoints creates more vulnerabilities and exacerbates potential security risks. As consumers and enterprises witness the rapid proliferation of IoT – from smart watches and home security systems to medical devices and industrial equipment – security has widely been an afterthought. The majority of stock IoT devices are not designed or constructed with cybersecurity in mind, which is why we see PoCs compromise smart city systems and telecom gateways.
There were two sessions that I particularly enjoyed and that stood out to me, both centered around machine learning. The first session showed how supervised machine learning can lead a security solution down the wrong path when data scientists training the models are not paired with subject matter experts. The other session showed how deep neural networks can be used to mount a targeted attack where both the intended victim’s identity and the malicious payload are hidden within the ML models and are impossible to extricate by reverse engineering.
When touring the exhibit floor, a striking observation was that the majority of exhibiting vendors act as though they have solved the security problem for everyone. As an industry, it’s important we remember that our customers are people responsible for defending their networks against all kinds of attacks and in turn we have to help them achieve that goal, not swamp them with flashy screens that bypass the difficult use cases. Security vendors are for-profit companies and there is nothing wrong with that, but we need to make sure we are wowing customers with real capabilities that solve some of the tough problems they’re facing while at the same time clearly showing them where the gaps exist. No single vendor can solve the security challenge on their own – this is an already established reality. So, we need to help customers identify the gaps that they need to close with a handful of solutions. It comes down to the fact that we are all fighting the same fight, vendors and customers alike.
New security challenges are emerging from the explosive growth of connected devices, multicloud adoption and 5G, and they do not have clear solutions. Although the conference shed light on the challenges the security industry needs to address, unfortunately, solutions were not abundant because these challenges are complex and lack a silver bullet. There is no quick fix for securing the vast attack surface created by our networks. But, as a defender, I’m optimistic at the industry’s commitment to meet these challenges head-on. One initiative worth mentioning is the creation of the Cyber Threat Alliance in which major security vendors are sharing threat intelligence data on a daily basis to raise everyone’s customers’ security posture to a better level. Juniper Networks is a member of this alliance and strongly believes that defending all customers’ networks, not just those with Juniper security products, is a cause worth pursuing.
There are 21 water counsels in the Netherlands that collectively have the job of protecting the 25 percent of the country (four million people) that are somewhere between 10 meters below and one meter above sea level. These regional water authorities are among the oldest forms of local government. They provide clean drinking water, manage every aspect of water provision and control within the region and areconsidered Category A Critical Infrastructure by the Dutch Ministry of Justice and Security.
Now more than ever, our networks and infrastructure require security that keeps pace not only with cybercrime, but with the demands of ubiquitous streaming, a myriad of devices and accelerated cloud evolution. This explosive growth and fluid environment means that organizations need more muscle from their firewalls.
Security automation can be the key for organizations to improve their security posture and make the most of scarce security personnel. However, more than 70 percent say that they struggle with adoption due to vendor sprawl in their security environments and a lack of skilled professionals to implement a broader automation initiative.