Cybersecurity professionals are grappling with the same old problems as systems become more complex, further complicating security, a group of executives said last week during a wrap-up panel at Black Hat USA in Las Vegas.
Deep-rooted problems show no signs of letting up, and it’s hard to imagine levels of complexity peaking, said Chris Eng, director of research at Veracode.
This widely held view, that things will get worse before they get better, if at all, appears frequently, supported by recent experience and hard data.
Phishing attacks have recently targeted employees of Cisco, Cloudflare and Twilio, the latter having spread the fallout to at least 125 downstream customers. And the relentless pace of vulnerability discoveries and fixes has become a chronic dilemma for cybersecurity professionals.
Software vulnerabilities accounted for nearly half of all initial access cases used by hackers to deploy ransomware in the past year, according to Palo Alto Networks Unit 42.
While changes in front-end frameworks or programming languages can reduce the frequency of common errors, the development of new languages and frameworks creates entirely new ecosystems and additional complexity as a result, Eng said.
Some of these challenges manifest in different ways when applied to new technologies, but the cybersecurity community needs to be quicker to adapt the lessons it has already learned collectively, he said.
“We already know the basic secure coding issues. We know what to do for the most part, and they just don’t get done,” Eng said. “So good job security.”
That discouragement was met with bursts of sarcasm as he and other panelists held court with beers in hand to mark the event’s conclusion.
Misguided attention from cybersecurity professionals is partly to blame, experts said.
According to Matt Suiche, director of memory and incident response research and development at Magnet Forensics, the industry is so focused on endpoints that it misses real problems and neglects the need to tackle the motivations of attackers.
Despite all these problems, and there are many, Natalie Silvanovich, security researcher at Google, remains optimistic.
Much of the complexity in systems is unnecessary, and she is confident that people will eventually recognize the impact this has on security and make appropriate adjustments.
Silvanovich said she was inspired and stressed the need for a positive outlook. “I think everyone should keep going,” she said. “I think one day we will solve these problems or at least make a lot of progress.”