Security

Black Hat USA: A Resilient Revolution for Outsmarting Attackers

Experts say there’s a new paradigm in system defense grounded in resilience, and it’s helping nations across the world come together to detect threats.

Lily Lopate

Twitter

Lily is a Senior Editor at BizTech Magazine. She follows tech trends and the IT leaders who shape them — reporting on entrepreneurial business, security and thought leadership.

The conflict in Ukraine has shown the world that cyberattacks are much more than a threatening message on a computer screen. Some of the worst can shut down power lines across cities, disrupting access to information and taking critical equipment in hospitals offline, noted Jen Easterly, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

During a Black Hat USA 2023 keynote session moderated by Lily Hay Newman, senior writer at WIRED, Easterly sat down with Victor Zhora, deputy chairman of the Ukraine State Service of Special Communication and Information Protection. Together, they discussed how the Ukraine conflict has transformed the cyberthreat landscape and what IT leaders can learn from it.

Here is how these experts characterized cyber resilience and the steps organizations can take to achieve that level of preparedness:

Click the banner below to become an insider and gain exclusive insights after Black Hat USA 2023.

Showing the World What Cyber Resilience Looks Like

“Ukraine showed the world the importance of cyber defensiveness and what cyber resilience really looks like,” said Easterly.

Zhora, who flew from Ukraine to Las Vegas to attend the keynote, agreed but added that Ukraine’s proactive defenses against cyberattacks have been underway for well over a decade. “It’s just that now, the world is watching. It took a war for everyone to see the effects of cyberattacks on cities and citizens, to say, ‘Oh, this could happen to us.’”

This resistance to prioritizing cybersecurity is not new. Too often, security is treated as patch management after an incident hits. “If you wait until it is happening, you’re too late. You need proactive, continuous threat intelligence,” said Zhora.

Information sharing is another tactic that helps. For example, Easterly shared how the U.S. offered threat intelligence to Ukraine.

Train people for a crisis from the day they start working. Train them to engage in a global community of cyber resilience.”

Victor Zhora Deputy Chairman, Ukraine State Service of Special Communication and Information Protection

“People need to rally around a cause and come together,” he said. This requires recognizing how such threats can impact everyone. Especially “given the interconnected nature of networks today,” he added, “you can be sure these attacks will cause great disruption.”

But that’s a grim reality, and it can lower morale. That’s precisely why Ukraine’s resourcefulness is a model example, according to Easterly: “We can learn from their resilience and internalize it.”

LEARN MORE: Design the right cybersecurity defensive program for your business.

A New Definition of Cyber Resilience

For Easterly, cyber resilience means proactively defending against a threat before it becomes a reality. “There’s a tendency to discuss something in the abstract when it’s scary, but we need to internalize the threat as real now,” she said.

But resilience can also reflect recovery. For Ukraine, it meant restoring a sense of normalcy to citizens. “We worked hard to bring satellite devices to villages or bring data to clouds. This enables businesses to continue running — especially as people were relocated by the battlefields,” said Zhora.

Cybersecurity is a really complex problem. We must remember, if there’s a threat to one, there’s a threat to many.”

Jen Easterly Director, Cybersecurity and Infrastructure Security Agency

Expert Tactics to Achieve Cyber Resilience

What can we learn from Ukraine about building a more cyber defensive future? Here are some strategies these experts suggested:

Increase information sharing about cybersecurity: As threats change, discuss this with your partners, whether that’s team members or international allies. “Broadcast what’s happening and raise awareness,” Easterly said. This protects future victims and activates others to create a response plan, if they haven’t already.
Learn everything about the threat, fast: “If we hear of an attack, we want to understand the tactics and scale as quickly as possible,” she said.
Build a culture of cyber resilience: “Train people for a crisis from the day they start working. Train them to engage in a global community of cyber resilience,” said Zhora. This level of preparedness will make teams better equipped to handle threats.
Run regular cyberattack drills: “Know all the strategies in your playbook and do regular exercises so you are ready in the face of disruption,” Easterly said.
Trace the cyberattack: Tracing a cyberattack is difficult and requires a diagnostic assessment of what went wrong. But it can also reveal weak spots in your infrastructure.

DISCOVER: Get critical insights into cybersecurity and threat prevention.

Why We Need an Adaptive Approach to Cybersecurity

Experts on the panel emphasized that as IT leaders put these tactics into practice, they should also think about corporate cybersecurity responsibility. “We must make it a top-down business imperative as much as a safety and security issue,” said Easterly. “Let’s invest in it intelligently.”

Rather than after-the-fact patch management, she suggested, a sustainable approach to cybersecurity should include building products that are secure from the start.

Finally, it’s important to stay adaptive and unified as threats shift. “Cybersecurity is a really complex problem. We must remember, if there’s a threat to one, there’s a threat to many,” said Easterly.

To keep up with our coverage of Black Hat USA 2023, bookmark this page and follow us on X (formerly Twitter) at @BizTechMagazine or check out the official conference account, @BlackHatEvents.