Virtual Panel Event Complete with Drinks, Snacks, and Trivia
When the world gives you lemons, make lemonade. Many vendors did just that around the time of what would normally have been the massive Black Hat and DefCon cybersecurity conferences in Las Vegas. The world has given us lemons in the form of COVID-19 and limitations on travel and group gatherings in an effort to contain the pandemic, so the conferences switched to online and many vendors hosted their own virtual events to fill the void. Intel took things a step farther and did their best to recreate the atmosphere of a convention reception event—complete with drinks, snacks, and games—while providing valuable insight and information about trends in cybersecurity and how Intel is protecting its customers.
I recently attended some of the virtual keynotes and sessions of the Black Hat conference itself. I was also invited to a handful of vendor sessions. The event with Intel stood out, though, because they asked up front for drink and snack preferences (I opted for the beer and popcorn) and shipped those things to attendees ahead of the event. It was obviously not quite the same as mingling and networking face to face in Vegas, but it was a unique spin on taking things virtual that still provided some of that same casual ambiance.
The event also included a trivia game. The questions revolved around cybersecurity history and technologies. I came in third overall. I was doing well and leading the pack for a bit but missing the last 3 questions allowed other participants to zoom past me.
Just like a reception event at Black Hat in Las Vegas, the conversations and games also came with some insight from Intel executives and a little bit of Q&A about cybersecurity in general–more specifically about how Intel is investing effort and resources to raise the bar and make computing safer for everyone. Amy Santoni, Principal Engineer at Intel, Maggie Jauregui, Security Researcher at Intel, and Dhinesh Manoharan, Senior Director, Offensive Security Research at Intel, shared insights and answered questions from the journalists who attended the event.
The discussion following trivia kicked off with a question around the main threats—the tip of the spear—that organizations need to pay attention to. A recent study from Iomart was raised that found a 273% increase in large scale data breaches in the first quarter of 2020, and highlighted the rise in cyber attacks during the COVID-19 pandemic and some of the unique challenges organizations face as they adapt to a remote workforce.
Dhinesh then talked about island-hopping attacks. He explained that it is derived from a term for a military strategy. It is essentially another name for a supply chain attack. Dhinesh said that from a cybersecurity perspective, instead of targeting the primary target that is ultimately the goal, the attacker will search the broader environment of connections and partners that work with the primary target and find a weakness to compromise that will enable them to gain access to the primary target.
An organization can do some due diligence to ensure that the vendor they are dealing with is trustworthy, but it’s also important to recognize that the supply chain is more complex than Customer A buying a product from Vendor B. You need to know who that vendor trusts and where the parts or code used to produce the end product were sourced from. Intel created the Compute Lifecycle Assurance Initiative to provide greater transparency into the supply chain to help customers understand and manage this risk.
With Election Day in the United States coming up in less than 90 days, election security is another hot topic. A question was posed about whether it is even theoretically possible to develop technology secure enough for a national election. Maggie shared that there is no such thing as an unhackable system. “There is no such thing as true security, only varying degrees of insecurity.”
Maggie also stressed that a computer is a computer no matter what the use case is. The same principles apply for voting machines as other computers—and the same best practices should be applied.
We talked about cloud security and container technologies. Amy highlighted the importance of container security and Kubernetes security. She noted that companies want to put data in the cloud, but they want to make sure the cloud provider can’t access the data. There is a shared responsibility model for cloud security, and the company retains most of the responsibility for properly securing and protecting their own applications and data, but Amy pointed out that there is a financial incentive for cloud services providers to make the whole system more secure.
Dhinesh also addressed the issue of IoT (internet of things) security, noting that IoT is a different breed of technology that poses some unique security challenges. IoT devices tend to be in use for a much longer period of time than a typical PC or mobile device, but they’re also difficult—or impossible in some cases—to update and protect. He also pointed out that IoT devices typically focus on being inexpensive and consuming very little power, and that those goals need to be kept in mind for any security or resiliency solutions for IoT devices as well.
I would rather have been in Vegas at Black Hat. I would prefer to meet in person and talk about trends in cybersecurity face to face. Given the current state of the world and the global response to the COVID-19 pandemic, though, I have to say this event was pretty awesome. It was a fun and engaging time.