Black Hat 2022: Adapting to the growing cyberthreat landscape

The nation’s first cybersecurity chief is warning that the growing threat landscape will get worse as society and businesses become more digitized.

At the Black Hat USA 2022 conference, Chris Krebs, the first director of the U.S. Cybersecurity and Infrastructure Security Agency, said he spent the last 18 months gathering information. He spoke to people in the private sector as well as federal, state and local governments in the U.S. and abroad to determine what they are trying to accomplish and “what keeps them up at night.”

That journey, he said, unearthed three main questions: Why is it so bad right now? What do you mean it’s going to get worse? What do we do about it?

Krebs, founding partner of the Krebs Stamos Group, cited four main reasons why the current situation is quite challenging: Technology, bad actors, the government and people.

On technology, he referenced a quote from Daniel Miessler, author of The Real Internet of Things: “Software remains vulnerable because the benefits of insecure products far outweigh the downsides. Once that changes, software security will improve but not a moment before.”

Krebs explained that companies prioritize productivity and reducing friction – being first to market, for instance. Security is often seen as slowing things down.

Often when securing products, they become more complex. “As we are integrating more and more insecure products into use cases, we’re making it more complicated to manage risk.”

The good news is that vendors are enjoying a “vibrant, robust ecosystem” and addressing some underlying vulnerabilities, Krebs said. But he questioned whether those vulnerabilities are being addressed fast enough.

One weakness stemming from more complex tech stacks is there are more surfaces to attack now by hackers. Over the last two years, the “biggest collective falling down of government, of industry, is on ransomware,” he said.

Such attacks have rapidly increased in the last few years. In the first quarter of 2022 alone, Trend Micro said it detected and blocked more than 4.4 million ransomware threats, up 37% from the previous quarter.

To read the complete article, visit IoT World Today.