Going Back to the Basics of Information Security to Combat Supply Chain Attacks – Black Hat Asia 2021

For the last keynote session of this year’s Black Hat Asia, information security experts took part in a panel discussion on the most pressing issues facing the InfoSec community, along with the most efficient solutions to these problems.
The group included Black Hat Review Board members Lidia Giuliano, Security Advisor, Financial Services; Vitaly Kamluk, Principal Security Researcher, Kaspersky Lab; Vandana Verma, Vice-Chair, Global Board of Directors, OWASP Foundation; and Neil Wyler, Threat Hunting & Incident Response Specialist, RSA, with Jeff Wilson, Chief Analyst, Cybersecurity Technology, Omdia, as moderator.

Starting the talk, Jeff asked the panel about the key drivers of the current digital transformation, and the cloud became the focus of the conversation.
As cloud computing has become such an important enabler for digital transformation, Lidia believes there should be a much bigger focus on third-party assessment. This is to ensure that whoever organisations choose to outsource their data to is safe and secure.
Neil thought the same, mentioning that as cloud migration becomes the top priority for businesses, it is causing their security perimeter to expand and become virtually invisible. “I believe this is one area which needs a lot more attention because it is in a different form compared to before, having larger security and ecosystem issues”, he added.
To address these issues, Jeff asked the panel about their thoughts on cohesive strategies moving forward in dealing with supply chain attacks, which have been a concern since organisations started to expand their operations to external networks.
According to Vitaly, a zero-trust model is applicable and the most efficient for this issue. He added that organisations should apply the measure at the enterprise level as well as to individual property. For example, whenever you purchase something for your supply chain, it is good practice to conduct basic verifications. This is because businesses tend to trust some brands, even if they are also vulnerable to hidden threats and attacks.
The panel also stressed the importance of adhering to the basics of InfoSec hygiene. Neil explained that if you know what's going on in your environment, you would know what it looks like when things are good and see changes if there are indeed attacks going on. “That's what's going to help you and that's a very fundamental, very basic thing. What are the devices on my network? And what are they communicating with?” added Neil.
For Vandana, every cloud provider is doing things their own way but that should not be the case. She believes that the only way to move forward is a combined effort by all the vendors toward a unified monitoring framework. Vandana added that if we do not have the combined efforts by the vendors, the breaches will happen and whatever we will do, we will not be able to monitor them enough.
For the InfoSec field, cybersecurity professionals play a big role, which means that potential experts need to be encouraged to help mitigate attacks. Focusing on that, Jeff said that there is actually a skills gap in this profession, with up to 4 million open and unfilled positions. How do we get past that?
This pandemic has, in a way, helped fill such a gap, Lidia said. This is because before, organisations tended to hire people that were within their city or state, whereas the pandemic has proved that experts even from distant places can fill companies’ job positions.
Ending the discussion, Neil said that mentorship goes a long way. “What we should be doing is bringing people in those entry-level positions and then giving them on-the-job training. In addition, fostering the knowledge that they have and growing it by sharing our passion with them, instead of just expecting them to come ready to crush everything on Day 1”, explained Neil.
