December 6, 2023 at 02:48PM
At the Black Hat Europe 2023 event, Ollie Whitehouse of the NCSC stated that current cybersecurity is inadequate to counter advanced threats. He criticized security vendors for creating closed ecosystems with up-charges for better security and lacking transparency, especially regarding SaaS vulnerabilities. He advocated for basic security improvements and greater attention to industrial control system attacks.
Meeting Takeaways – Black Hat Europe 2023, London
Speaker:
– Ollie Whitehouse, CTO of the UK’s National Cyber Security Centre (NCSC).
Key Points:
1. Insufficient Modern Cybersecurity:
– Modern cybersecurity solutions lag behind the abilities of attackers.
– This deficiency allows threat actors to operate with inadequate consequences.
2. Industry Challenges Highlighted by Whitehouse:
– The asymmetry between cybersecurity defenders and threat actors.
– The issues created by vendors, particularly the lack of transparency and the creation of closed ecosystems.
– High levels of technical debt in organizations.
– The misplaced reliance on a single, all-encompassing security solution.
3. Vendor-Related Concerns:
– Closed ecosystems limit access to product telemetry, hindering informed security decisions.
– Security is often tier-based, with deeper protections only for higher payment tiers, which is unsustainable.
– A call for greater vendor transparency, especially regarding the disclosure of vulnerabilities in both on-premises and SaaS products.
4. Industrial Control Systems (ICS) Threats:
– Vendors should pay more attention to the growing number of attacks targeting ICS.
– There is an increasing risk of not being adequately prepared for threats that are not as high-profile as ransomware.
5. Basic Security Best Practices:
– Secure legacy technology and stop over-focusing on new solutions.
– Enforce better password management and multifactor authentication (MFA).
– Improve asset discovery and inventory practices.
– Eliminate the use of unsupported platforms.
– Address common web security issues, such as cross-site scripting and SQL injection vulnerabilities.
– Focus on the human element and user awareness to combat phishing and similar threats.
Action Items for Organizations:
– Implement basic security measures thoroughly.
– Use available tools like MFA and WebAuth to reduce the risk of phishing.
– Raise user awareness to improve security practices across the board.